Solved

Prove Application was Run on Windows Server

Posted on 2011-02-14
6
935 Views
Last Modified: 2012-05-11
I have a situation where a person has mapped a drive and has run an application they were not suppose to. I know the Windows7 Desktop they were on and the time of the incident. I also The application that was run. The person has admitted that they have made a mistake. I want proof from the Windows system logs as proof that the incedent happened at the person said it did. How and what do I need to collect and collate to prove this?

Service is Windows 2003, Desktop is Windows7 it is an enterprise domain.
0
Comment
Question by:JeffSchaper
  • 3
  • 2
6 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34894331
If you haven't enabled auditing, then there is nothing in the system log UNLESS the application ran SPECIFICALLY and intentionally writes to it.  Depending on the app, MAYBE it created settings in the user's profile.... but it really depends on the app.  
0
 
LVL 4

Author Comment

by:JeffSchaper
ID: 34911779
So I'm not able to see the person map the drive to the share manually? The person typed in the unc path to get to the share.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 34911856
There may be MRU (most Recently used) lists in the registry, but if the user is no longer connected, I don't recall any way of knowing if they were via event logs.  And if auditing wasn't enabled on the server/application executable, then there is definitely no way to know that the user actually executed the program.  (Why did the user even have permission (NTFS Permissions) to access the file if he wasn't supposed to?
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 250 total points
ID: 34912630
So the C grade is because I couldn't tell you how to do the impossible?
0
 
LVL 4

Author Comment

by:JeffSchaper
ID: 34912688
Sorry leew, the C Grade was in response to my satisfaction, not your expertise. I can tell you are a very intelligent person. If I could change the grade I would.
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
An overview of HIPAA and guidance on this topic that Experts Exchange members can offer.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now