This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.
End-user is changing computer settings...
I have a hospitality customer's NOC staff making changes to the Win7 Pro desktop systems. In particular, the NOC end-user is changing the NIC settings but denies the changes the next day. However and in order to give the end-user the benefit of the doubt, it could be possible that they are working with the ISP or the reservation system tech support of which, either may be making changes to the desktop to either bring the system online and/or suit the computer to work with their software. Nonetheless, it sure would be nice to learn who is actually making this network configuration change. Can someone recommend a tool to monitor the changes? Or is this something that Windows 7 auditing feature can detect AND report via a triggered e-mail?
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
No one is supposed to make any system modifications. The problem is, and is an unfortunate one at that, many software vendors require that client machines have at a minimum, local admin rights. This being said, staff members are repeatedly informed that they are not to do anything on the computer but operate the reservation software and look up general information if a guest asks/needs a store, activity, restaurant, itinerary printout, etc... Most abide by this policy.
Regardless, system settings are changed and I just need to know when and by what login account. Knowing this, particularly during the NOC hours when there are only two employees working would allow me to counter any denial of changes to the computer systems.
Regardless, system settings are changed and I just need to know when and by what login account. Knowing this, particularly during the NOC hours when there are only two employees working would allow me to counter any denial of changes to the computer systems.
You can audit the registry keys where the IPs are saved to see who changes them. The path is
HKEY_LOCAL_MACHINE\SYSTEM\
Audit that key and subkeys.
HKEY_LOCAL_MACHINE\SYSTEM\
Audit that key and subkeys.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
What about GPOs? Are you aware of a GPO policy that can be initiated to avoid changing the NIC settings? I haven't used Auditing in sometime. Where can I enable auditing and can it (Windows 7 Pro) alert me of a specific change to a NIC configuration?
GPOs don't stop administrators from changing the network settings, sorry.
Auditing: open secpol.msc ->local policies ->audit pol. ->object access -> check success.
Then, navigate to to that registry path I mentioned, right click it, open security settings, navigate to auditing and setup auditing for user "everyone" for full access.
Changes to network settings will be logged to the security event log and you can see who it was. Try it out right now at your machine.
Auditing: open secpol.msc ->local policies ->audit pol. ->object access -> check success.
Then, navigate to to that registry path I mentioned, right click it, open security settings, navigate to auditing and setup auditing for user "everyone" for full access.
Changes to network settings will be logged to the security event log and you can see who it was. Try it out right now at your machine.
Sorry, disregard the last segment re: Auditing. It's the Local Security Policy.
http://windows.microsoft.com/en-us/windows7/monitor-attempts-to-access-and-change-settings-on-your-computer
http://windows.microsoft.com/en-us/windows7/monitor-attempts-to-access-and-change-settings-on-your-computer
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
System Utilities
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: IC3 GS4 Internet Core Competency Global Standard 4… 135 lessons
-
Microsoft ApplicationsCertification: MCP MCSA Microsoft Certified Partner & Solutions Ass… 377 lessons
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
Is he a member of network configuration operators or administrators? If not, it can't be him.