Re: tracking what programs are launched?

From: djc (noone_at_nowhere.com)
Date: 10/13/04


Date: Wed, 13 Oct 2004 12:41:05 -0400

Oh ya! I should have thought of that considering I am currently preparing
for the Security elective test as part of the MCSA 2000: Security Cert!
Shame on me.

Thanks Steve.
-djc

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:QLcbd.251005$3l3.77955@attbi_s03...
> You can enable auditing of object access on a computer and then audit an
> executable for the execute permission. Of course that will not work for
> user-installed executables. Another built-in method would be to enable
> auditing of process tracking. Yeah there will be a lot to sift through but
> the info will probably be there. Try it out on a test computer to see if it
> does what you want. The problem with process tracking is that it cannot be
> enabled on a user/group basis. EventComb is free from Microsoft and can help
> a lot in searching multiple computers for specific events and text strings.
> --- Steve
>
>
> "djc" <noone@nowhere.com> wrote in message
> news:eYMeqHSsEHA.3200@TK2MSFTNGP14.phx.gbl...
> > I need to be able to see 'who' is running certain programs and when...
> > let's say Solitaire for example.
> >
> > Now I know of course if Solitaire should not be run it just shouldn't be
> > on the machine... so, moving past that, what options do I have to log when
> > the program is run?
> >
> > I am hoping to find a simple, already there, kind of solution... like
> > turning on some kind of logging which I can just search through with a
> > batch or script file as opposed to some full blown 'monitoring' software
> > suite that would need to be installed on the target machines. The least
> > amount of effort is the goal since I will in fact just be removing these
> > programs. But I have been asked to find out the whos and whens first.
> >
> > note:
> > - I know there are several ways to prevent programs from being run such as
> > using a GPO to create an Allow list of programs. Right now, the object is
> > not to prevent it but to see who is running it and when.
> >
> > any info would be greatly appreciated.
> >
> >
>
>
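
A sketch of the scripted search asked about in this thread, added here as an example and not part of the original posts: with process tracking auditing enabled, Security event 592 records a process creation and 593 its exit, so pairing them by computer and process ID gives who ran a program and for how long. The CSV column order, the sample rows, the account and computer names and the `launches` function are all constructed assumptions.

```python
import csv
import io
import re
from datetime import datetime

# Constructed sample, newest first. Assumed columns of the saved Security log:
# Date,Time,Source,Type,Category,Event,User,Computer,Description
SAMPLE = r'''
10/12/2004,1:05:00 PM,Security,Success Audit,Detailed Tracking,592,EXAMPLE\bob,WS02,"A new process has been created: New Process ID: 996 Image File Name: \WINNT\system32\sol.exe Creator Process ID: 700 User Name: bob Domain: EXAMPLE Logon ID: (0x0,0x2C3D4)"
10/12/2004,9:31:40 AM,Security,Success Audit,Detailed Tracking,593,EXAMPLE\alice,WS01,"A process has exited: Process ID: 1140 Image File Name: \WINNT\system32\sol.exe User Name: alice Domain: EXAMPLE Logon ID: (0x0,0x1A2B3)"
10/12/2004,9:20:11 AM,Security,Success Audit,Detailed Tracking,592,EXAMPLE\bob,WS02,"A new process has been created: New Process ID: 1140 Image File Name: \WINNT\system32\notepad.exe Creator Process ID: 700 User Name: bob Domain: EXAMPLE Logon ID: (0x0,0x2C3D4)"
10/12/2004,9:14:02 AM,Security,Success Audit,Detailed Tracking,592,EXAMPLE\alice,WS01,"A new process has been created: New Process ID: 1140 Image File Name: \WINNT\system32\sol.exe Creator Process ID: 812 User Name: alice Domain: EXAMPLE Logon ID: (0x0,0x1A2B3)"
'''.strip()

CREATED = re.compile(r"New Process ID:\s+(\d+)\s+Image File Name:\s+(.+?)\s+"
                     r"Creator Process ID:.*?User Name:\s+(\S+)\s+Domain:\s+(\S+)", re.S)
EXITED = re.compile(r"exited:\s+Process ID:\s+(\d+)", re.S)

def launches(log_text, image_name):
    """Return one record per launch of image_name: user, computer, start, end."""
    rows = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) == 9:  # skip blank or malformed lines
            when = datetime.strptime(f"{row[0]} {row[1]}", "%m/%d/%Y %I:%M:%S %p")
            rows.append((when, row[5], row[7], row[8]))
    running, found = {}, []  # running: (computer, pid) -> launch still open
    for when, event, computer, desc in sorted(rows):  # oldest first
        if event == "592" and (m := CREATED.search(desc)):
            pid, image, user, domain = m.groups()
            running.pop((computer, pid), None)  # PID reused: drop stale entry
            # Compare the file name only, so any directory matches.
            if image.rsplit("\\", 1)[-1].lower() == image_name.lower():
                rec = {"user": f"{domain}\\{user}", "computer": computer,
                       "start": when, "end": None}
                running[(computer, pid)] = rec
                found.append(rec)
        elif event == "593" and (m := EXITED.search(desc)):
            rec = running.pop((computer, m.group(1)), None)
            if rec:
                rec["end"] = when
    return found

if __name__ == "__main__":
    for r in launches(SAMPLE, "sol.exe"):
        print(r["user"], r["computer"], r["start"], r["end"] or "no exit logged")
```

Matching is by file name only, so a renamed copy of the program will not show up under its original name.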


