Security Basics mailing list archives

Re: Monitor ALL pc's (XP) via spy software?


From: Alexander Bolante <alexander.bolante () gmail com>
Date: Wed, 20 Jul 2005 22:31:28 -0700

Chris:

I completely agree with David Ferreira on this one. 

I must say, when I first read this email, the first thing that came to
my mind was "maintenance nightmare." Monitoring 40+ machines in real
time tracking every footprint, etc. sounds nice, but definitely isn't
practical from an administrative standpoint. That's why we have
domains, security policies, user/group rights/privileges, firewalls,
IDSs, DMZs, auditing tools, reporting tools, logs, logs, logs :)

Hmm...however...I just noticed you titled your email ..."Spy
Software." Is that because you just want a 3rd party tool that will
allow you to SPY on other users' machines (e.g. scanning/forensic
tools)?

If that's the case, you might want to try User Logger...
Go to --> http://chemware.co.nz/usrlog.htm

Some information from the README...
User Logger stores information about who is using the computer and
when they used it.
Some notes about usage:
  * It runs invisibly (you can stop it with the Task Manager CTRL+ALT+DEL)
  * It creates and updates a tab delimited text file called UserLog.txt,
which you can drag-drop into your spreadsheet application (e.g. Excel),
to work out and analyse times etc.
  * It records User, Date and Time as well as StartUp and ShutDown times
  * It can record all sorts of other information as well,
including a list of "All Windows" (all programs in the Tasklist)
  * It can take screen shots at set intervals.
  * The "Capture on Keyword" looks for a keyword in the tasklist,
and only captures the screen if that word is present.
  * It can be used as a Screen Capturing utility.
  * Logging can be stopped when the data folder gets to a certain size.

Good luck either way!!!



On 7/20/05, David Ferreira <dferreira () izanet com> wrote:
Hey,

IMHO and if every PC has XP (better if SP2) I think all you need is a
2003 PDC and the right group policies. Terminal Server supports passive
connections, every configuration is installed by default in all the
domain machines that you want. You can see history and limit software
installation and you can restrict every kind of access to the local
computer to the user. And why not, for monitoring URLs just configure a
proxy and make it default by IE policy (or transparent proxy); you can
use SQUID or an ISA Server (which is well integrated in Active
Directory). Having 40+ machines in your network I can't understand how
you can live without an AD Domain. It's the most fascist tool for
system administration in a LAN ;)

Greetings,

David

I am looking for software that will let me monitor in REAL TIME, as
well as go back and see what happened on a pc at any time. I see quite
a few options out there and most seem to do the same thing which is
why I am writing this.

What do you guys recommend? I am looking for:

1) Something that can be deployed in the enterprise (40+ machines).
2) Able to connect from the network/LAN to monitor in REAL TIME - in a
way that is passive.
3) Able to go back and see what happened on the pc earlier in the day/week?
4) Able to monitor everything from one machine.
5) Option of logging urls they went to earlier etc.

What do you guys recommend?








-- 
ALEXANDER BOLANTE
Alexander.Bolante () gmail com 

"I hate quotations. Tell me what you know."
 - Ralph Waldo Emerson

