RE: Spying in a corporate environment

If you have a 2003 domain enforce group policies and restrict access to
certain windows components. I presume even if a user has admin rights on a
pc, he should not be able to over right the group policies, if he is not so
keen to remove the policies from the pc himself.
The best practice is to download by scripts the pc setup every often,
download logs, take snapshots of the cookies directory and "program files"
and if u can copy the ntuser.dat as it has all activity of the user on the
pc and monitor by scripts the "Temp Internet directory", you will be
surprised what you find there.
If you can, do enforce proxies as these have all internet activity logged in
them and it makes it easier to track those "idiots" that makes you the day a
problem at work. I use some of the above and others and I found naughty
users with them. Automate the process, that is important.
Then you can go for more elaborate things, but that is up to yourself, that
even if a user is an admin, you can trace him. If you know how and have the
right tools and TIME you can trace all user activity no matter what.

----------------------------------------------------------------------------
----
The information in this e-mail, and any of its attachments, are strictly
private
and confidential and intended solely for the person or organisation to whom
it
is addressed. If you are not the named addressee or if this transmission has

reached you in error, you must not copy, distribute,or make any use of it
in any manner whatsoever. If you have received this e-mail in error,
please notify the sender immediately and then delete this e-mail.

All Email(s) sent from this account are virus scanned.
----------------------------------------------------------------------------
----
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Ansgar -59cobalt- Wiechers
Sent: 21 November 2007 18:00
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Spying in a corporate environment

On 2007-11-20 Col wrote:
On Nov 20, 2007 11:25 PM, Murda Mcloud <murdamcloud@xxxxxxxxxxx> wrote:
You could always set exceptions to the spy software in your AV
solution.

the thing that bothered me with this, a lot of users have admin
rights, so they could run another program we don't have control over.

As long as they have admin rights you don't have control, no matter what
you try.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

Relevant Pages

  • Re: Links not working for user
    ... Manual fix: Start/Run/Regedit ... Is there a quick view of any group policies that have been ... have admin rights on the server as ...
    (microsoft.public.windowsxp.general)
  • Re: Links not working for user
    ... Taskbar Repair Tool Plus! ... Is it for tis only user or affects all users on the same machine? ... How can i see what group policies have been enabled on this ... have admin rights on the server as well. ...
    (microsoft.public.windowsxp.general)
  • Re: Links not working for user
    ... Manual fix: Start/Run/Regedit ... Is there a quick view of any group policies that have ... have admin rights on the ...
    (microsoft.public.windowsxp.general)
  • Links not working for user
    ... I have a user issue i'm trying resolve. ... It is obviously that there is some group policy or something rather running ... How can i see what group policies have been enabled on this ... have admin rights on the server as well. ...
    (microsoft.public.windowsxp.general)
  • Re: PC use time monitor
    ... looking for something to control the amount of time a grandson spends playing games. ... He is fairly knowledgable and has admin rights to his XP Pro system. ... To do this, you need a 3rd party tool like Net Nanny or cybersitter, which uses passwords not related to the user accounts. ...
    (microsoft.public.windowsxp.general)