Can I monitor who's using my machine?
There are lots of tools out there that will allow you to monitor not just who's using your machine, but what they're doing, even typing, when they do. That's called spyware, and requires installing additional software to be installed to log and report the activities.
What many people don't realize is that there are some simple logging tools built into Windows XP already. They won't log keystrokes, but they will at least let you see who's logged into your machine and what programs they ran while they were there.
It's off by default, but it's easy to turn some of that logging on.
•
The settings are buried a little deep: Start, All Programs, Accessories, Administrative Tools, Local Security Policy. Once that's opened up, look underneath Security Settings, expand Local Policies by clicking on the boxed plus sign next to it, and then click on Audit Policy.
There are several items of interest here, but we'll focus on only three. Start by double clicking on Audit account login events. Make sure that both success and failure are checked, and press OK. Repeat for Audit logon events. Those two will log when someone logs into your computer or tries to connect to your computer via a remote share. Now repeat the process for Audit process tracking - this one will log an event each time a process (program) starts or stops.
Now close Local Security Settings.
Use the event viewer to see the results of the logging we just enabled.
Press Start, Run, and type "eventvwr". Click on the security item in the left hand pane. In the right will be a list of security events, most recent at the top. Double click on one for the details of that event. In the case of a login event, for example, you'll see the account used as well as the date and time of the event. In the case of a process event, you'll see the name of the program that was run as well as the account that started it.
What many people don't realize is that there are some simple logging tools built into Windows XP already. They won't log keystrokes, but they will at least let you see who's logged into your machine and what programs they ran while they were there.
It's off by default, but it's easy to turn some of that logging on.
•
The settings are buried a little deep: Start, All Programs, Accessories, Administrative Tools, Local Security Policy. Once that's opened up, look underneath Security Settings, expand Local Policies by clicking on the boxed plus sign next to it, and then click on Audit Policy.
There are several items of interest here, but we'll focus on only three. Start by double clicking on Audit account login events. Make sure that both success and failure are checked, and press OK. Repeat for Audit logon events. Those two will log when someone logs into your computer or tries to connect to your computer via a remote share. Now repeat the process for Audit process tracking - this one will log an event each time a process (program) starts or stops.
Now close Local Security Settings.
Use the event viewer to see the results of the logging we just enabled.
Press Start, Run, and type "eventvwr". Click on the security item in the left hand pane. In the right will be a list of security events, most recent at the top. Double click on one for the details of that event. In the case of a login event, for example, you'll see the account used as well as the date and time of the event. In the case of a process event, you'll see the name of the program that was run as well as the account that started it.
0 comments:
Post a Comment