Re: Software auditing: Which one and who installed it
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 3 Nov 2007 21:54:51 -0500
There is not built in auditing for such and third party programs may be able
to do it. What may help is to enable auditing of object access via security
policy for the computers that you want to monitor and then audit the program
files folder for folder creation which could give you a good idea what is
going on. Unfortunately just enabling auditing of object access will create
lots and lots of object access events that will make it difficult to find
exactly what you are locking for but free utilities like Event Comb from
Microsoft can help.
Otherwise it may be best to review what users are local administrators and
then to limit the list to those that actually need to be. Group Policy
Software Restriction Policies can be very helpful in managing what users can
run and install on their computers and would be preventative measure.
Steve
http://technet.microsoft.com/en-us/library/bb457006.aspx --- Software
Restriction Policies
http://technet2.microsoft.com/windowsserver/en/library/50fdb7bc-7dae-4dcd-8591-382aeff2ea791033.mspx?mfr=true
-- auditing object access
"Snuffy" <Snuffy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D37491AD-2904-4E37-AC51-23C3891AD26C@xxxxxxxxxxxxxxxx
I would like to turn on auditing so it logs the software being installed
and
who is installing it. Even if an administrator is installing. Is there a
way
of doing this?
I am trying to do this in a domain environment. I would think a method
would
involve an audit setting, but I haven't had any luck finding a solution.
.
- Prev by Date: Re: sata drive stays read only.
- Next by Date: Re: Windows XP Firewall Icon
- Previous by thread: Re: sata drive stays read only.
- Next by thread: Re: Offline files oddity
- Index(es):
Relevant Pages
|
