Re: logging data accessed by user
From: jas0n (no_at_email.here)
Date: 04/27/05
- Next message: Steven L Umbach: "Re: 2003 & Automatically log off users when logon time expires"
- Previous message: John M: "Re: Microsoft Baseline Security Analyzer (MBSA) 1.2.1"
- In reply to:(deleted message) jas0n: "Re: logging data accessed by user"
- Next in thread: sam: "Re: logging data accessed by user"
- Reply:(deleted message) sam: "Re: logging data accessed by user"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 27 Apr 2005 22:51:11 +0100
In article <MPG.1cd8cadd39a36324989688@news.microsoft.com>,
no@email.here says...
> In article <#vgMXgmSFHA.3444@tk2msftngp13.phx.gbl>, mvpNOSpam@asu.edu
> says...
> > Before you implement this, consider whether it will actually do
> > what you are after. Yes, you could use a group that contains the
> > accounts of concern (I would highly recommend not using Users
> > or equivalent broad groups, but a more narrow custom group)
> > and set a SACL to trigger event messages on all accesses.
> >
> > However, what I question is whether you would actually be able
> > to make use of the information, whether you would really monitor
> > the generated data and be able to detect "abnormal, suspect" access
> > patterns. Beyond that, I question whether even if you did monitor
> > the event log and detect such accesses within an actionable time
> > if then you could/would be able to do anything about it. One day
> > delay in taking action means the data travelled home that night.
> >
>
> Yes, its one of these top level 'wish list' items that just wont work in
> the real world - that was my thinking as well. It would put a general
> strain on things and hardly be utilised.
>
> I mean, what could you call the group for starters, the 'untrusted'? ;)
>
> I guess it may give them an idea of what could have gone ... although,
> its not like we're internal country security or something!
>
ive since found gfi.com do a product that can lock down using groups all
removable storage items including usb sticks, cameras, cdrw, floppies,
etc ...
... that would go some way to only giving access to removing data using
these devices but doesnt stop them simply printing it and putting it in
the briefcase!!
- Next message: Steven L Umbach: "Re: 2003 & Automatically log off users when logon time expires"
- Previous message: John M: "Re: Microsoft Baseline Security Analyzer (MBSA) 1.2.1"
- In reply to:(deleted message) jas0n: "Re: logging data accessed by user"
- Next in thread: sam: "Re: logging data accessed by user"
- Reply:(deleted message) sam: "Re: logging data accessed by user"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
