Solved

Internet use monitoring on Windows Server 2003

Posted on 2006-11-09
7
205 Views
Last Modified: 2010-04-10
I have been asked by management to investigate staff Internet use, to make sure no inappropriate sites are visited and that all Internet use is work-related. This will be per-username, as users don't necessarily use the same workstation each time.

Without installing additional software, I'd like a list of every website each user visits (i.e. a separate list for each user) to be stored somewhere accessible to IT administrators (preferably on the server, if this won't slow down the loading of websites), for up to 30 days.

I was initially thinking of maybe redirecting the Temporary Internet Files folder to a location on the server, then using the list of cookies to generate such a list. However, not all sites use cookies, and users are able to delete cookies in Internet Explorer.

[We are running Windows XP Pro on workstations connected to a Windows 2003 file server. I have used the term "Internet" broadly here - I'm referring to http access via Internet Explorer; we can leave Telnet, FTP et al. alone for now!]
0
Comment
Question by:skrysiak
7 Comments
 
LVL 14

Expert Comment

by:Juan Ocasio
Comment Utility
Why not just look at the log files?
0
 
LVL 26

Expert Comment

by:jar3817
Comment Utility
"...to make sure no inappropriate sites are visited and that all Internet use is work-related."

Unless you have software in place to filter content, I guarantee that inappropriate sites are being visited.

You could go with some commercial windows-based software to filter your web access like surfcontrol or you can go the free linux route with squid and dansguardian. I use both at the school I work for, surfcontrol is our main filter and if that box were to explode, dansguarian can be used a backup. Both work fairly well for me.
0
 
LVL 3

Expert Comment

by:KVR_Solutions
Comment Utility
Set up your server as a proxy server. That's the easiest way without purchasing extra hardware or software.

However, this will create a bottleneck and make file access slow.

Another solution would be to google "network monitoring software demo" and try and find a software company that will give you a demo for the 30 days or so. You may be able to milk out an enterprise level solution to get the results you want - for free.

Ira @ KVR

0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:skrysiak
Comment Utility
I know for sure that not all Internet use is work-related! We're quite laissez-faire at our company, but we need our staff to be using the Internet only as part of their job, and with staff using different workstations throughout the day it is easy to abuse this.

We use a filter already, but they don't always block sites such as email portals based outside of the company, MySpace, and personal blogs. Log files are easy for users to delete, as they are stored locally on the user's workstation.

I had already considered the proxy server idea, but the server already handles a lot of large files over about 100 users, so file access is likely to be slow.

I guess what would be ideal is to automatically copy the contents of Temporary Internet Files or History to a folder per-user on the server where I can manually monitor what's going on. This would work better if it were silent, i.e. so that staff weren't able to see where files are being stored. Does anyone know if this (or something similar) is possible??
0
 
LVL 26

Expert Comment

by:jar3817
Comment Utility
If you already have a filter, its logs should have all the data you need. What kind of filter is it?
0
 
LVL 1

Accepted Solution

by:
babu_pm earned 200 total points
Comment Utility
hi, there is a alternate way, that you can restrict the user from visiting unauthorised websites,

first, list down the websites, that essentially need for your company business.

but you must do it for all computers.

the instruction is available in Microsoft Knowledge base,
the Article ID is 267930

hope it will works.
0
 

Author Comment

by:skrysiak
Comment Utility
Thanks for that, seems to have worked so far. Getting some complaints from the typing pool though - seems they can't live without LiveJournal and Hotmail!
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

As dyndns has reduced the capabilities of the free service, I looked around for other free providers of Dynamic DNS service. After testing several I decided to move my DNS hosting to Hurricane Electric as then domains that require dynamic hostnam…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now