Audit & log CDROM Access

[Amihai Bareket]

In my network there are no CDROM and Floppy drives on any of the users
computers due to network security reasons.
We keep the CD and Floppy drives on the servers, but need to monitor access
to them.
The network infrastructure is Windows Server 2003 Active Directory.
Is it possible to audit CD & Floppy access?
Will one of the audit policies in the GPO write an event to the event viewer
when a CD is put in the drive?

If not, is there another way of doing this? SNMP traps? Third-Party tools?

 

[Phillip Windell]

In my network there are no CDROM and Floppy drives on any of the users
computers due to network security reasons.

What about file attachments in Email that they can sendout to someone or
those USB memory stick "drives" that they can carry in and out in the shirt
pocket?

We keep the CD and Floppy drives on the servers, but need to monitor access
to them.
The network infrastructure is Windows Server 2003 Active Directory.
Is it possible to audit CD & Floppy access?
Will one of the audit policies in the GPO write an event to the event viewer
when a CD is put in the drive?

I have never heard of such a thing.

The proper way to do this is to have the machines in a secure room. If a
"bad guy" has physical access to the Server, then it isn't your server
anymore.

 

[Marco]

Hi

Sanctuary from SecureWave can audit all writable devices: both the "who" as
well as (optionally) the content written.

Marco