I can’t post too many details, but I need to find a way to track an end user who is rifling through the shared drive on my Network. For now I have to allow it and not change permissions, but I haven’t found a way, to prove historically where this user has been. The user has used the information that is found in personal files on the network and gone to the owner. I became the scapegoat as the head of the dept to demote a VP. I know the enduser also lied about how the information was found and threw a previously laid off employee under the bus as the person who brought it to their attention. Does anyone have any ideas what I can do either on the Windows 2000 server to find the information I need? I have one piece of evidence from the Computer Management that shows them logged onto another users local connection, they failed to logoff correctly so I did a screen capture of that choice morsel.
Thanks all.