Help me catch em

[carstensdj]

Hi there,

I need a software that logs users actions. We have various servers at different sites and the guys like to play around on the PC's.

I need a software that can tell me what the users have done on the machines... Thanks

 

[psheldon]

cat /var/log/messages | less

See. the forum is platform independent. You don't specify what platform. Here is one way of doing things in Linux.

 

[w1z4rd]

touch /var/log/messages (I actually pushed the [tab] button while typing this)..

 

[w1z4rd]

I think the OP is looking for something like this: http://www.refog.com/employee-computer-monitoring-software.html

Im not sure of the ethics or legality behind this... but thats what you are looking for.

 

[carstensdj]

cat /var/log/messages | less

See. the forum is platform independent. You don't specify what platform. Here is one way of doing things in Linux.

My mistake... It's Win7Pro Servers...

 

[carstensdj]

I think the OP is looking for something like this: http://www.refog.com/employee-computer-monitoring-software.html

Im not sure of the ethics or legality behind this... but thats what you are looking for.

Thanks for the suggestion, but was hoping for something free or open source, if anyone knows of anything? Does it exist? I've got remote control over the servers, but dont have time to sit around logging in and checking what the guys are doing. This is more for a post incident log. The guys have strict rules as to what they may not do on the servers, but they do anyway, so i need a way to be able to pin point what time the guys did what they did so that i can then match that with who was on shift...

 

[Cicero]

This just makes me uneasy. What kind of staff/employees are you monitoring?

 

[carstensdj]

This just makes me uneasy. What kind of staff/employees are you monitoring?

Security Guards...

 

[w1z4rd]

Thanks for the suggestion, but was hoping for something free or open source, if anyone knows of anything? Does it exist? I've got remote control over the servers, but dont have time to sit around logging in and checking what the guys are doing. This is more for a post incident log. The guys have strict rules as to what they may not do on the servers, but they do anyway, so i need a way to be able to pin point what time the guys did what they did so that i can then match that with who was on shift...

Nothing decent free or open source in this area, you could probably look on the pirate bay for cracked software.

 

[Rocket-Boy]

touch /var/log/messages (I actually pushed the [tab] button while typing this)..

Lol!
Yeah I sometimes do that when im typing stuff too and wonder why the cursor just jumped along the line.

 

[hungrybeaver]

You'll have to buy software most likely. You can also give security a user account and limit it so they can only do what they need to do.

 

[Rocket-Boy]

You should be running a windows server with a domain and GP's to restrict them from doing things they shouldnt be.
Its easier than trying to follow up after something breaks to find out who it was.

 

[carstensdj]

Nothing decent free or open source in this area, you could probably look on the pirate bay for cracked software.

Lol. Would do for my personal PC, but i dont want to start implementing Pirated Software on company servers

 

[AstroTurf]

Im not sure of the ethics or legality behind this... but thats what you are looking for.

The interception of communication is currently regulated by the Regulation of Interception of Communications and Provision of Communication Related Information act 70 of 2002. The interception of communication in prohibited in that, subject to this Act, no person may intentionally intercept or attempt to intercept, or authorise or procure any other person to intercept or attempt to intercept, at any place in the Republic, any communication in the course of its occurrence or transmission.

http://www.labourguide.co.za/most-recent-publications/the-right-to-privacy-and-the-interception-of-employees-e-mail?utm_source=MailingList&utm_medium=email&utm_campaign=art%2Fpp

 

[carstensdj]

You should be running a windows server with a domain and GP's to restrict them from doing things they shouldnt be.
Its easier than trying to follow up after something breaks to find out who it was.

Yea i hear you.. I have tried this, but the Off-Site monitoring software that we use is an interactive one that requires full user rights to access certain things. Bit of a glitch, but it's a new software and we are currently the only company using it, so for now Logs is about all i've got to keep these okes from plugging phones n crap into the servers and putting endless viruses on the servers...

 

[eXisor]

You should be running a windows server with a domain and GP's to restrict them from doing things they shouldnt be.
Its easier than trying to follow up after something breaks to find out who it was.

This.

Edit: Just saw post re: why you can't. Wasn't there when i posted

Uninstall and disable all the usb ports, dvd-drives and stiffy from device manager. Then block their reinstall with regkey update. Something like..

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe

Name (String): Debugger
Value: <none>

This disables all mmc type functions, including device manager.
Also, disable windows update.
.

 

[carstensdj]

http://www.labourguide.co.za/most-recent-publications/the-right-to-privacy-and-the-interception-of-employees-e-mail?utm_source=MailingList&utm_medium=email&utm_campaign=art%2Fpp

Very different story for us.. We are a Tactical Security company dealing with sensitive information and high priority security... So when the guys interfere with that, i NEED to know!

 

[AstroTurf]

Why not just remove DVD drives and plug all the USB ports with USB locks (remember keyboard and mouse USB ports may be a problem as they can probably use either a mouse or Keyboard instead of both or bring a USB hub from home so if they are USB you will have to (my personal suggestion anyway) remove the front USB ports and put them inside the case, plug the keyboard and mouse into these after feeding them through an opening in the back the lock the case with intrusion detection).

 

[AstroTurf]

Very different story for us.. We are a Tactical Security company dealing with sensitive information and high priority security... So when the guys interfere with that, i NEED to know!

Basically you need to get your employees to sign something saying that all activity on the machines will be monitored (without duress).

 

[eXisor]

This.

Edit: Just saw post re: why you can't. Wasn't there when i posted

Uninstall and disable all the usb ports, dvd-drives and stiffy from device manager. Then block their reinstall with regkey update. Something like..

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe

Name (String): Debugger
Value: <none>

This disables all mmc type functions, including device manager.
Also, disable windows update.
.

Not sure if you saw this.

There's an alternative way to disable USB sticks here. http://diaryproducts.net/about/operating_systems/windows/disable_usb_sticks

And more info from MS here http://technet.microsoft.com/en-us/library/ee126101(WS.10).aspx
.