Solved

monitor users, security breach

Posted on 2008-10-31
10
317 Views
Last Modified: 2013-12-04
Hello Experts,

I have 5 terminal servers that allow my plant workers to use thin clients to logon.
Each department has a workstation.
So say i have a windows department, with 8 employees that work in it.
the username is different for each department, with a generic password for all departments.
Recently i have had some reports of one department that is no 24 hours logon being used to probe our network.
I know the username and the password and to which termial server they are logging.
What i want to try and do, is catch them "in the act" so to speak.
I can turn on secuity logging on the domain and monitor for logon times, thats my first step.
Are there any other tips or tricks that will aid me in dealing with my offender?
0
Comment
Question by:wlacroix
  • 3
  • 3
  • 2
  • +2
10 Comments
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22853908
Do you have a baseball bat?

Seriously though, what types of tips are you looking for? How to detect logins, monitor what they are doing, etc...
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22854501
hahhhhahahhhahahahahhhahahhhaha...... probably you should some spy agent on those workstations as a background service, but still it will not be more effective
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22854517
probably you can install the dameware client on these workstations and see from your machine what they are doing...even the VNC would help
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22854529
The Classroom Spy Professional allows you to see live screens of remote computers. This way, you can always watch what users are doing on the remote computer. Additionally, you have the ability to take control of a remote computer by controlling the mouse and keyboard; this is especially useful when you need to assist the person who uses the remote computer. If you are an administrator, you can easily administer remote computers from your computer

http://www.sharewareconnection.com/titles/remote-screen.htm
0
 
LVL 9

Expert Comment

by:BDoellefeld
ID: 22855896
I've used employee activity monitor before, it's ok.

http://www.imonitorsoft.com/products.htm 
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 3

Author Comment

by:wlacroix
ID: 22857873
the workstations in my plant are dumb terminals, i use standard PCs with boot disks to hit my terminal servers, so nothing to install on the local, they dont even have hard drives.

So with all the users logged into termial services i need to monitor a session.

Can i view what they are doing without having to ask them permission, i think its a termial server setting but need to test.
0
 
LVL 14

Accepted Solution

by:
dfxdeimos earned 250 total points
ID: 22859224
0
 
LVL 3

Author Comment

by:wlacroix
ID: 22872075
dfx,

what i got out of that article is the ability to remote into a users session without permission. Thank you. I will award you partial points if anything else comes up.

In the mean time, where can one buy a bat :)
0
 
LVL 3

Author Comment

by:wlacroix
ID: 23028484
tonqxiaofeng,

this product looks to be designed for the desktop. We are running terminal services and I dont remember reading anything regarding terminal services.
0
 
LVL 4

Expert Comment

by:neopumpkin
ID: 25445611
late contribution, i know, but why didn't anyone mention that wlacroix could have used terminal services manager to view the session that his users are logged into.  

wlacroix, the setting you referred to is on the properties page of the users account in AD. on the terminal services tab, you can specify whether a user is required to click ok or not when viewing their session.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now