Avatar of eitconsulting
eitconsulting
Flag for United States of America asked on

End-user is changing computer settings...

I have a hospitality customer's NOC staff making changes to the Win7 Pro desktop systems.  In particular, the NOC end-user is changing the NIC settings but denies the changes the next day.  However and in order to give the end-user the benefit of the doubt, it could be possible that they are working with the ISP or the reservation system tech support of which, either may be making changes to the desktop to either bring the system online and/or suit the computer to work with their software.  Nonetheless, it sure would be nice to learn who is actually making this network configuration change.  Can someone recommend a tool to monitor the changes?  Or is this something that Windows 7 auditing feature can detect AND report via a triggered e-mail?
System UtilitiesWindows OSOS Security

Avatar of undefined
Last Comment
eitconsulting

8/22/2022 - Mon
McKnife

Find out If he is even allowed to change it.
Is he a member of network configuration operators or administrators? If not, it can't be him.
eitconsulting

ASKER
No one is supposed to make any system modifications. The problem is, and is an unfortunate one at that, many software vendors require that client machines have at a minimum, local admin rights.  This being said, staff members are repeatedly informed that they are not to do anything on the computer but operate the reservation software and look up general information if a guest asks/needs a store, activity, restaurant, itinerary printout, etc...  Most abide by this policy.
Regardless, system settings are changed and I just need to know when and by what login account.  Knowing this, particularly during the NOC hours when there are only two employees working would allow me to counter any denial of changes to the computer systems.
ASKER CERTIFIED SOLUTION
McKnife

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
eitconsulting

ASKER
What about GPOs?  Are you aware of a GPO policy that can be initiated to avoid changing the NIC settings?  I haven't used Auditing in sometime.  Where can I enable auditing and can it (Windows 7 Pro) alert me of a specific change to a NIC configuration?
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
McKnife

GPOs don't stop administrators from changing the network settings, sorry.
Auditing: open secpol.msc ->local policies ->audit pol. ->object access -> check success.
Then, navigate to to that registry path I mentioned, right click it, open security settings, navigate to auditing and setup auditing for user "everyone" for full access.

Changes to network settings will be logged to the security event log and you can see who it was. Try it out right now at your machine.
eitconsulting

ASKER
Sorry, disregard the last segment re: Auditing.  It's the Local Security Policy.
http://windows.microsoft.com/en-us/windows7/monitor-attempts-to-access-and-change-settings-on-your-computer
eitconsulting

ASKER
I'm trying that out now on a Win7 lab VM machine...
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.