Security Basics mailing list archives
Re: How to monitor Windows user
From: PCSC Information Services <info () pcsage biz>
Date: Sat, 9 Sep 2006 15:10:58 -0400
Francis,Auditing would provide exactly this functionality, and you might also want to take steps to ensure that your organization's policies accurately reflect your contention that this is
an impermissible login.While I understand that this might not be on track with your question, perhaps the most pro-active approach would be to limit the log on allowable times to those of the office hours. If you are in a government office, there are no doubt policies which can be effected in this respect, furthermore, if you (correctly) are auditing log on events, then you will be able to ascertain for certain which users are attempting to log in and at what times.
I find it reprehensible to administer in such a way as to 'prove' criminality. While it's true that ignorance of the law is no excuse, it's also not ethical to entrap either. Sound administration policy is what is needed and it sounds and would be arguable that due diligence wasn't performed by either party. This potentially would throw any attempts to litigate an incorrect (or illegal) login attempt invalid, and only damage all parties involved.
When in doubt CYA. Ensure that policy is correct, and that the administration steps taken for each machine accurately reflect the policy. Furthermore, policy is only effective insofar as the employee can be adequately informed and consent to be bound by the policy.
info On 6-Sep-06, at 9:24 AM, FRANCIS PROVENCHER wrote:
Hi all, i have a question for you.I suspect a user of my office to use PC from others workers outside of the office hour.Im not very famillar with Windows products and third party. I just want to know, how i can monitor this station in question. Some one can help me please? Francis Provencher Ministère de la Sécurité publique du Québec Direction des technologies de l'information Tél: 1 418 646-3258 Courriel: Francis.provencher () Msp gouv qc ca CEH - Certified Ethical Hackers SSCP - System Security Certified Practionner Sec+ - Security +---------------------------------------------------------------------- -----This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree,without disrupting your career or home life. http://www.msia.norwich.edu/secfocus---------------------------------------------------------------------- -----
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- How to monitor Windows user FRANCIS PROVENCHER (Sep 06)
- Re: How to monitor Windows user Sebastian {En3pY} Zdrojewski (Sep 07)
- RE: How to monitor Windows user Chris Dirricq (Sep 07)
- Penetration testing report, IRM (Sep 08)
- Re: Penetration testing report, intel96 (Sep 09)
- Penetration testing report, IRM (Sep 08)
- Re: How to monitor Windows user Alcides (Sep 09)
- Re: How to monitor Windows user crazy frog crazy frog (Sep 09)
- Re: How to monitor Windows user PCSC Information Services (Sep 11)