Solved

Please provide a Step by Step on how to track a user on the system

Posted on 2006-11-08
3
144 Views
Last Modified: 2010-04-18
My boss has a concern that a particular user may be copying sensitive information or abusing their access rights on the netowrk. She has asked me to find out if there is a way of tracking this user to see when they are loggin on to the server, their own PC, accessing files, copying files where they are coipying files to, editing files and deleting files.
Is this posible, if so, exactly how would I go about setting this up in such a way that would be easy to report on. Therefore, I would like to provide a report that says for example:
On Monday @ 9:11 a.m. they logged onto their machine, at 9:21 a.m. they read a file on such and such a shared folder, they then copied another file to their hard drive @ 10:15 a.m. . They then logged off at 11:00a.m.
 
0
Comment
Question by:Bartley1969
  • 2
3 Comments
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 150 total points
Comment Utility
You can't quite do all of that... but you can get a lot.  You need to enable auditing on her PC and the server(s) where the files are.  Then you need to select the files you want audited and enable auditing on them.  It is NOT recommended that you enable auditing on ALL files as this can cause a negative impact on system performance.

Auditing can tell you:
 1. When a user logs on or off
 2. When a file is accessed or deleted

As for otherwise protecting data and determining when and where a file is copied is not possible through any included means I've seen.  There are document management products available, but they typically cost $1000's (sorry, no recommendations on these as I've only read about them and that was a while ago).  You could implement scripts to prevent the use of USB external storage as well as disabling CD burners and floppy drives (removing them).  Then you have to worry about e-mail - this is where network security software can play a role - again, EXPENSIVE and I've only read about it.

Basically, there are solutions, but unless you're willing to spend BIG money, I don't know any for small business.
0
 
LVL 16

Assisted Solution

by:AdamRobinson
AdamRobinson earned 350 total points
Comment Utility
Auditing, for Server 2003:

http://technet2.microsoft.com/windowsserver/en/technologies/featured/audit/default.mspx

Auditing, for XP:

http://itinfo.mit.edu/article.php?id=7324

You are talking about a very broad category of actions, and there's no simple how-to on protecting yourself from internal security threats.

If you are truly worried, and this isn't just a paranoid boss, you have a responsibility to your workplace and any potential clients to lock that employee out from the system.  Once the information is taken, it is gone -- it is no different than opening it to the whole world.  Sitting back "wondering whether it is going on," while it is happening is no different than actively encouraging it, except perhaps legally.

My real question would be: Why would the boss think this if you clearly have no evidence of its occuring since you have no current way of tracking?

Leew did leave out one simple, and inexpensive means, of figuring this out, though it may not necessarily be legal in your situation (though it likely is).  You could install a keylogger on the employee's computer, and run a low quality screen capture if you're not able to purchase software or do any of the the other things previously mentioned.  Please be aware that a computer savvy employee (especially if you grant him or her administrative rights), will likely be able to detect this, granted it doesn't seem you're all that familiar with the idea of internal security management.

Let me know if that helps, or if you have any other specific questions.
0
 
LVL 16

Accepted Solution

by:
AdamRobinson earned 350 total points
Comment Utility
Assuming you may want to eventually apply some sort of file auditing to all users (please beware, Leew's comment on system performance is important if you go overboard), here is a link on how to do it with Group Policy:

http://technet2.microsoft.com/WindowsServer/en/library/3b5204b3-8b18-4b14-babd-a81532331af61033.mspx?mfr=true

0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now