• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 222
  • Last Modified:

someone's been changing dates

Windows XP:  This is my computer but several people use it.  They know I
have the ability to check certain activity logs (keylogger etc) but aren't technical enough to mess with the monitors.  HOWEVER I suspect that someone got the bright idea of changing (today's) DATE when they begin, then changing it back when they're done.   Kind of a poor-man's way to fly under the radar I guess.  ANYWAY I figure they're probably just double-clicking on the system tray time, changing today's date on the calendar.

QUESTION:  Is there any way to determine if anyone has done this, and if so, when it was done ?  (The keyloggers don't catch it I guess because it's basically all done via mouse).
0
ccbon
Asked:
ccbon
  • 5
  • 2
  • 2
2 Solutions
 
Pete LongConsultantCommented:
change the system time is a user priveledge - remove it from the other computert users - and they cannot do it anymore
0
 
luv2smileCommented:
Why not just disable this feature so that they can't change the time?

This is easily done thru the use of local policy

start- run- type: gpedit.msc

Then navigate to:

Comptuer config- windows settings- security settings- local policies- user rights assignment- change the system time

The users/groups listed here can change the time...by default it is administrators and power users. Remove the power users group and then for anyone you want to change the time specifically add in their account.
0
 
Pete LongConsultantCommented:
or locate the timedate.cpl file (in windows\system32) and no one can change the time :)
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
Pete LongConsultantCommented:
I mean locate and delete
0
 
ccbonAuthor Commented:
THANKS TO BOTH OF YOU
0
 
Pete LongConsultantCommented:
Thanks - I got a notif to say this was a closed question - but its looking open ?? Strange
0
 
ccbonAuthor Commented:
POST ANSWER COMMENT FROM CCBON:  
RE comment from PeteLong:
ACTUALLY NOT SO STRANGE:
I had some technical difficulties with accepting your answers as I wanted to; when I read AND tried your (plural)  answer, I wanted to A) INCREASE the points to a total of 400, and B) Split the 400 points so each of you got 200 (deservedly).

However, in attempting to do BOTH the increase AND split in the same transaction, something went SOUTH and I got a scolding from the system saying "illegal" or "prohibited" or some such thing.
THen it said "you can't split points on this question".  Yet when I viewed it it LOOKED closed and split and answered.  So I contacted a sys admin. and asked him to FIX IT FOR ME SO I COULD DO A QUICK AND DIRTY POST-HOC change to jack up the points for your guys
via steps A & B above.  He kindly accomodated me, by upping the points, then gave it back to me to split (as 'open') and accept from there.  I just did it.  Hope that explains it satisfactorily.  Sorry for the confusion.  You should now each get 200 pts. and the question
should be fin.  THANKS !
0
 
Pete LongConsultantCommented:
ThanQ
0
 
luv2smileCommented:
Thanks :)
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 5
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now