Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 946
  • Last Modified:

Prove Application was Run on Windows Server

I have a situation where a person has mapped a drive and has run an application they were not suppose to. I know the Windows7 Desktop they were on and the time of the incident. I also The application that was run. The person has admitted that they have made a mistake. I want proof from the Windows system logs as proof that the incedent happened at the person said it did. How and what do I need to collect and collate to prove this?

Service is Windows 2003, Desktop is Windows7 it is an enterprise domain.
0
JeffSchaper
Asked:
JeffSchaper
  • 3
  • 2
1 Solution
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
If you haven't enabled auditing, then there is nothing in the system log UNLESS the application ran SPECIFICALLY and intentionally writes to it.  Depending on the app, MAYBE it created settings in the user's profile.... but it really depends on the app.  
0
 
JeffSchaperAuthor Commented:
So I'm not able to see the person map the drive to the share manually? The person typed in the unc path to get to the share.
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
There may be MRU (most Recently used) lists in the registry, but if the user is no longer connected, I don't recall any way of knowing if they were via event logs.  And if auditing wasn't enabled on the server/application executable, then there is definitely no way to know that the user actually executed the program.  (Why did the user even have permission (NTFS Permissions) to access the file if he wasn't supposed to?
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
So the C grade is because I couldn't tell you how to do the impossible?
0
 
JeffSchaperAuthor Commented:
Sorry leew, the C Grade was in response to my satisfaction, not your expertise. I can tell you are a very intelligent person. If I could change the grade I would.
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now