Solved

Please provide a Step by Step on how to track a user on the system

Posted on 2006-11-08
3
147 Views
Last Modified: 2010-04-18
My boss has a concern that a particular user may be copying sensitive information or abusing their access rights on the netowrk. She has asked me to find out if there is a way of tracking this user to see when they are loggin on to the server, their own PC, accessing files, copying files where they are coipying files to, editing files and deleting files.
Is this posible, if so, exactly how would I go about setting this up in such a way that would be easy to report on. Therefore, I would like to provide a report that says for example:
On Monday @ 9:11 a.m. they logged onto their machine, at 9:21 a.m. they read a file on such and such a shared folder, they then copied another file to their hard drive @ 10:15 a.m. . They then logged off at 11:00a.m.
 
0
Comment
Question by:Bartley1969
  • 2
3 Comments
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 150 total points
ID: 17898732
You can't quite do all of that... but you can get a lot.  You need to enable auditing on her PC and the server(s) where the files are.  Then you need to select the files you want audited and enable auditing on them.  It is NOT recommended that you enable auditing on ALL files as this can cause a negative impact on system performance.

Auditing can tell you:
 1. When a user logs on or off
 2. When a file is accessed or deleted

As for otherwise protecting data and determining when and where a file is copied is not possible through any included means I've seen.  There are document management products available, but they typically cost $1000's (sorry, no recommendations on these as I've only read about them and that was a while ago).  You could implement scripts to prevent the use of USB external storage as well as disabling CD burners and floppy drives (removing them).  Then you have to worry about e-mail - this is where network security software can play a role - again, EXPENSIVE and I've only read about it.

Basically, there are solutions, but unless you're willing to spend BIG money, I don't know any for small business.
0
 
LVL 16

Assisted Solution

by:AdamRobinson
AdamRobinson earned 350 total points
ID: 17898779
Auditing, for Server 2003:

http://technet2.microsoft.com/windowsserver/en/technologies/featured/audit/default.mspx

Auditing, for XP:

http://itinfo.mit.edu/article.php?id=7324

You are talking about a very broad category of actions, and there's no simple how-to on protecting yourself from internal security threats.

If you are truly worried, and this isn't just a paranoid boss, you have a responsibility to your workplace and any potential clients to lock that employee out from the system.  Once the information is taken, it is gone -- it is no different than opening it to the whole world.  Sitting back "wondering whether it is going on," while it is happening is no different than actively encouraging it, except perhaps legally.

My real question would be: Why would the boss think this if you clearly have no evidence of its occuring since you have no current way of tracking?

Leew did leave out one simple, and inexpensive means, of figuring this out, though it may not necessarily be legal in your situation (though it likely is).  You could install a keylogger on the employee's computer, and run a low quality screen capture if you're not able to purchase software or do any of the the other things previously mentioned.  Please be aware that a computer savvy employee (especially if you grant him or her administrative rights), will likely be able to detect this, granted it doesn't seem you're all that familiar with the idea of internal security management.

Let me know if that helps, or if you have any other specific questions.
0
 
LVL 16

Accepted Solution

by:
AdamRobinson earned 350 total points
ID: 17898826
Assuming you may want to eventually apply some sort of file auditing to all users (please beware, Leew's comment on system performance is important if you go overboard), here is a link on how to do it with Group Policy:

http://technet2.microsoft.com/WindowsServer/en/library/3b5204b3-8b18-4b14-babd-a81532331af61033.mspx?mfr=true

0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question