tracking what programs are launched?

  • Thread starter Thread starter djc
  • Start date Start date
D

djc

I need to be able to see 'who' is running certian programs and when... lets
say Solitaire for example.

Now I know of course if Solitaire should not be run it just shouldn't be on
the machine... so, moving past that, what options do I have to log when the
program is run?

I am hoping to find a simple, already there, kind of solution... like
turning on some kind of logging which I can just search through with a batch
or script file as opposed to some full blown 'monitoring' software suite
that would need to be installed on the target machines. The least amount of
effort is the goal since I will in fact just be removing these programs. But
I have been asked to find out the whos and whens first.

note:
- I know there are several ways to prevent programs from being run such as
using a GPO to create an Allow list of programs. Right now, the object is
not to prevent it but to so who is running it and when.

any info would be greatly appreciated.
 
You can enable auditing of object access on a computer and then audit an
executable for the execute permission. Of course that will not work for user
installed executables. Another built in method would be to enable auditing
of process tracking. Yeah there will be a lot to sift through but the info
will probably be there. Try it out on a test computer to see if it does what
you want. The problem with process tracking is that is can not be enabled on
a user/group basis. EventComb is free from Microsoft and can help a lot in
searching multiple computers for specific events and text strings. ---
Steve
 
oh ya! I should have thought of that considering I am currently preparing
for the Security elective test as part of the MCSA 2000: Security Cert!
Shame on me.

Thanks Steve.
-djc
 
OK! Good luck on your exams. Since you are pursuing security elective I also
highly recommend that you buy [and read] the Windows Security Resource Kit.
Note that you may be able to but it used on Amazon for a very reasonable
price [$10 or so]. I have had good luck buying used books from Amazon's used
book vendors that are available from the page where you find a book. Often
the books are in like new condition with a minor bent corner on the front
cover or such and can not be sold as new. --- Steve

http://www.amazon.com/exec/obidos/A...69239/sr=11-1/ref=sr_11_1/104-7266434-6041566
http://www.amazon.com/gp/product/of...ef=dp_pb_a//104-7266434-6041566?condition=all
-- same book, used vendors.
 
Ok, I will. thanks again.
-djc

Steven L Umbach said:
OK! Good luck on your exams. Since you are pursuing security elective I also
highly recommend that you buy [and read] the Windows Security Resource Kit.
Note that you may be able to but it used on Amazon for a very reasonable
price [$10 or so]. I have had good luck buying used books from Amazon's used
book vendors that are available from the page where you find a book. Often
the books are in like new condition with a minor bent corner on the front
cover or such and can not be sold as new. --- Steve

http://www.amazon.com/exec/obidos/A...ef=dp_pb_a//104-7266434-6041566?condition=all
-- same book, used vendors.

djc said:
oh ya! I should have thought of that considering I am currently preparing
for the Security elective test as part of the MCSA 2000: Security Cert!
Shame on me.

Thanks Steve.
-djc

enabled
on such
as object
is
Click to expand...
Click to expand...
 
Back
Top