monitor users, security breach

Hello Experts,

I have 5 terminal servers that allow my plant workers to use thin clients to logon.
Each department has a workstation.
So say i have a windows department, with 8 employees that work in it.
the username is different for each department, with a generic password for all departments.
Recently i have had some reports of one department that is no 24 hours logon being used to probe our network.
I know the username and the password and to which termial server they are logging.
What i want to try and do, is catch them "in the act" so to speak.
I can turn on secuity logging on the domain and monitor for logon times, thats my first step.
Are there any other tips or tricks that will aid me in dealing with my offender?
LVL 3
wlacroixAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dfxdeimosCommented:
Do you have a baseball bat?

Seriously though, what types of tips are you looking for? How to detect logins, monitor what they are doing, etc...
0
sk_raja_rajaCommented:
hahhhhahahhhahahahahhhahahhhaha...... probably you should some spy agent on those workstations as a background service, but still it will not be more effective
0
sk_raja_rajaCommented:
probably you can install the dameware client on these workstations and see from your machine what they are doing...even the VNC would help
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

sk_raja_rajaCommented:
The Classroom Spy Professional allows you to see live screens of remote computers. This way, you can always watch what users are doing on the remote computer. Additionally, you have the ability to take control of a remote computer by controlling the mouse and keyboard; this is especially useful when you need to assist the person who uses the remote computer. If you are an administrator, you can easily administer remote computers from your computer

http://www.sharewareconnection.com/titles/remote-screen.htm
0
BDoellefeldCommented:
I've used employee activity monitor before, it's ok.

http://www.imonitorsoft.com/products.htm 
0
wlacroixAuthor Commented:
the workstations in my plant are dumb terminals, i use standard PCs with boot disks to hit my terminal servers, so nothing to install on the local, they dont even have hard drives.

So with all the users logged into termial services i need to monitor a session.

Can i view what they are doing without having to ask them permission, i think its a termial server setting but need to test.
0
dfxdeimosCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
wlacroixAuthor Commented:
dfx,

what i got out of that article is the ability to remote into a users session without permission. Thank you. I will award you partial points if anything else comes up.

In the mean time, where can one buy a bat :)
0
wlacroixAuthor Commented:
tonqxiaofeng,

this product looks to be designed for the desktop. We are running terminal services and I dont remember reading anything regarding terminal services.
0
neopumpkinCommented:
late contribution, i know, but why didn't anyone mention that wlacroix could have used terminal services manager to view the session that his users are logged into.  

wlacroix, the setting you referred to is on the properties page of the users account in AD. on the terminal services tab, you can specify whether a user is required to click ok or not when viewing their session.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.