Auditing a User

D

Dan

Is there a way to track a users activity. I want to track everything a user
does on his pc. Im on a windows 2k Network. I only want to track this
certain user not the entire domain.
 
R

Ryan Hanisco

You could stand over his shoulder as he uses his computer.

What specifically are you looking for? Tracking "everything" isn't telling
enough.

Do you want where he goes on the web, what files he opens, where his mouse
pointer was in millisecond intervals?
 
D

Dan

i want to know what files he is using, deleting. Internet i dont really
care. just file acess.

thanks
 
S

Steven L Umbach

To track everything you would need a keyboard logger but I would NOT do that
without consulting legal and personnel first. Other than that you can use
the built in auditing on a W2K computer though it will record Events for all
users on the computer unless you enable auditing of object access and then
audit folders/files for permissions for that user. If you do such be sure to
audit only for that user and only for exactly what you want to track. If you
try to audit the while system you will have gazillions of 560/562 object
access events recorded in the security log which you will want to increase
substantially from default if you enable folder/file auditing. The links
below should help. Internet access can often be tracked in the firewall logs
by computer IP source address to ports 80/443 outbound for instance. For
most reliability the computer you want to track should have a static IP
address. --- Steve

http://www.comptechdoc.org/os/windows/win2k/win2kauditing.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
http://www.microsoft.com/technet/security/guidance/secmod128.mspx
 
B

Bill Baka

Steven said:
To track everything you would need a keyboard logger but I would NOT do that
without consulting legal and personnel first. Other than that you can use
the built in auditing on a W2K computer though it will record Events for all
users on the computer unless you enable auditing of object access and then
audit folders/files for permissions for that user. If you do such be sure to
audit only for that user and only for exactly what you want to track. If you
try to audit the while system you will have gazillions of 560/562 object
access events recorded in the security log which you will want to increase
substantially from default if you enable folder/file auditing. The links
below should help. Internet access can often be tracked in the firewall logs
by computer IP source address to ports 80/443 outbound for instance. For
most reliability the computer you want to track should have a static IP
address. --- Steve

http://www.comptechdoc.org/os/windows/win2k/win2kauditing.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
http://www.microsoft.com/technet/security/guidance/secmod128.mspx
Click to expand...
That could get very interesting.
About 3 years ago I caught one of the mechanical engineers storing 'XXX'
mpegs on the company server under his account. This was just on a pass
at cleaning up some of the old junk on the server, so I wonder what else
he did on the companies account that didn't get caught.
Be careful what you ask for because you might get it and then some.
Bill Baka
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

audit of domain user changing domain user account password 2
Outlook Tracking category changes 1
Auditing ? 1
User Auditing.. 1
users logon and Logoff Auditing 1
Tracking access to folder 2
Auditing for account or group creation priviledge 0
Last Modified By in a cell by user 3

Top