Our forums are currently in maintenance mode and the ability to post is disabled. We will be back up and running as soon as possible. Thanks for your patience!



How to monitor user access

By v2bailey ·
Is it possible to determine who has access to a computer, regardless of whether or not there is a password to login?

I'm thinking of two different computers - one with a login password (Windows Vista); the other doesn't (Windows XP).

I would like to be able to see what activity the computers were used for on specific days.

I don't see how to use admin tools for this but then, i don't know everything

Is this possible..??

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -


by Mohammad Oweis In reply to How to monitor user acces ...

You can enable auditing from group policy by doing this:
go to Run -> gpedit.msc
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy
Then enable whatever you need, and check them in the eventlog.
But this can fill your eventlog very quickly.

Collapse -

Usage monitoring

by timwalsh In reply to How to monitor user acces ...

Point #1 If there is no password requirement, there is no way to prove who is on a computer at any given time

Point #2 Even if there is a password requirement, does each user have their own user name and password? Do people share their passwords with other users (either explicitly, or implicitly by writing the password on a sticky note and putting it under the keyboard)? Are passwords easy to guess? Does each user log off when they leave the computer, or are computers left logged on while unattended?

The issue here is that unless there are strict security policies in place (individual passwords, strong passwords passwords not know to other users, user logs off, or locks screen before leaving vicinity of computer, etc.), any effort to monitor policy compliance, or even to determine who was using a computer at a particular time, is almost impossible.

Security auditing (if configured properly)will give you a certain subset of information (i.e who logged on or off a given computer, and when; and possibly what files were accessed , at what time, and who by) can be determined if strict security policies are in place. With these policies in place, if you just need to know who was logged on to a computer at a specific time, security auditing might be sufficient.

History in Internet Explorer might tell you what web pages have been visited by a particular user, although History is easy to delete.

Firewall logs might show that spcific types of traffic were sent to IP addresses outide your network.

It sounds like you are looking for usage information for forensic purposes (i.e. tie a specific user to a specific activity that is either illegal, immoral, unethical, or otherwise in contravention of established policy). If this is the case, the tools that come with Windows are for the most part decidedly useless for your purposes.

If you want to collect enough of the right type of information to make an accusation stick, there is commercial software available that can be used for "spying" on users by doing such things as logging keystrokes, logging websites visited, logging programs being used, logging files being accessed, taking periodic screen-shots of activity on the computer, copying emails sent out and received, and more (all without ahy outward sign to the user that this is taking place). This type of software, when designed for use in a network environment, is usually not inexpensive

But again, unless you have security policies in place that make it impossible for a user to access a computer without supplying a unique user-name and password that is known only to them, all this information is essentially useless, unless you want to go to the further troubler of placing a security camera at each workstation to film who is using it.

Related Discussions

Related Forums