• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 157
  • Last Modified:

Please provide a Step by Step on how to track a user on the system

My boss has a concern that a particular user may be copying sensitive information or abusing their access rights on the netowrk. She has asked me to find out if there is a way of tracking this user to see when they are loggin on to the server, their own PC, accessing files, copying files where they are coipying files to, editing files and deleting files.
Is this posible, if so, exactly how would I go about setting this up in such a way that would be easy to report on. Therefore, I would like to provide a report that says for example:
On Monday @ 9:11 a.m. they logged onto their machine, at 9:21 a.m. they read a file on such and such a shared folder, they then copied another file to their hard drive @ 10:15 a.m. . They then logged off at 11:00a.m.
 
0
Bartley1969
Asked:
Bartley1969
  • 2
3 Solutions
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
You can't quite do all of that... but you can get a lot.  You need to enable auditing on her PC and the server(s) where the files are.  Then you need to select the files you want audited and enable auditing on them.  It is NOT recommended that you enable auditing on ALL files as this can cause a negative impact on system performance.

Auditing can tell you:
 1. When a user logs on or off
 2. When a file is accessed or deleted

As for otherwise protecting data and determining when and where a file is copied is not possible through any included means I've seen.  There are document management products available, but they typically cost $1000's (sorry, no recommendations on these as I've only read about them and that was a while ago).  You could implement scripts to prevent the use of USB external storage as well as disabling CD burners and floppy drives (removing them).  Then you have to worry about e-mail - this is where network security software can play a role - again, EXPENSIVE and I've only read about it.

Basically, there are solutions, but unless you're willing to spend BIG money, I don't know any for small business.
0
 
AdamRobinsonCommented:
Auditing, for Server 2003:

http://technet2.microsoft.com/windowsserver/en/technologies/featured/audit/default.mspx

Auditing, for XP:

http://itinfo.mit.edu/article.php?id=7324

You are talking about a very broad category of actions, and there's no simple how-to on protecting yourself from internal security threats.

If you are truly worried, and this isn't just a paranoid boss, you have a responsibility to your workplace and any potential clients to lock that employee out from the system.  Once the information is taken, it is gone -- it is no different than opening it to the whole world.  Sitting back "wondering whether it is going on," while it is happening is no different than actively encouraging it, except perhaps legally.

My real question would be: Why would the boss think this if you clearly have no evidence of its occuring since you have no current way of tracking?

Leew did leave out one simple, and inexpensive means, of figuring this out, though it may not necessarily be legal in your situation (though it likely is).  You could install a keylogger on the employee's computer, and run a low quality screen capture if you're not able to purchase software or do any of the the other things previously mentioned.  Please be aware that a computer savvy employee (especially if you grant him or her administrative rights), will likely be able to detect this, granted it doesn't seem you're all that familiar with the idea of internal security management.

Let me know if that helps, or if you have any other specific questions.
0
 
AdamRobinsonCommented:
Assuming you may want to eventually apply some sort of file auditing to all users (please beware, Leew's comment on system performance is important if you go overboard), here is a link on how to do it with Group Policy:

http://technet2.microsoft.com/WindowsServer/en/library/3b5204b3-8b18-4b14-babd-a81532331af61033.mspx?mfr=true

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now