Monitoring changes in Windows environment

  1. #1
    Member bradlesliect | Join Date: Apr 2006 | Location: CT - SA | Posts: 74

    Monitoring changes in Windows environment

    Hi All,

    Does anyone know how you can monitor changes being made on a Windows box? Software installations, registry changes, network setting changes, etc.

    I need to find something that can tell me when User X changes the TCP/IP settings or when he installed/uninstalled software and what it was that he installed.

    The machines are networked but not on a Domain Controller or part of an Active Directory structure. Currently ALL users have FULL access to the machines as this is how it was requested but someone keeps making changes to the darn stuff which makes it difficult for me to track who and what was done.

    Anything out there?

    Thanks
    .....I rather not say....

  2. #2
    Senior Member nihil | Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,190
    Do the users actually log on as themselves, or do they use some general account? Obviously they have full admin rights it would seem?

    I would recommend that the only software that you require is a word processor to update your CV.

    What you are describing is total anarchy and effectively "mission impossible".

    Unless your organisation is prepared to embrace the concept of "least enablement" there really isn't much you can do.

    I do not think that attempting to introduce some sort of "blame culture" is in any way an acceptable solution.

    Either you are in charge or you are not?............. look to your CV mate.

    I have seen your situation before and never seen any good come out of it.

    EDIT:

    "I need to find something that can tell me when User X changes the TCP/IP settings or when he installed/uninstalled software and what it was that he installed."
    If they have the power to do that, they also have the power to cover their tracks, or worse still, make it look like someone else did it.
    Last edited by nihil; January 30th, 2009 at 10:51 AM.

  3. #3
    Only african to own a PC! Cider | Join Date: Jun 2003 | Location: Israel | Posts: 1,683
    Hmm, get them on a DC and put up some policies - lolz, sounds worse than my office :/
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  4. #4
    Senior Member nihil | Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,190
    The worst situations I have seen are where you have to take over administration or support in an environment where you have reasonably computer literate users who are at a senior management level (although they might not be managers, just expensive tekkies) and have been used to full admin rights.

    The only way to rectify the situation is to have the support of management at the Director/Vice President level.

    Generally there are only two ways to get that:

    1. Reducing support costs.
    2. Regulatory compliance/security.

    The only positive side is that there is no way you will be outsourced, because no-one would take it on.

    One possible ploy would be to recommend an external security and efficiency audit. Management seem to place much more value on the opinions of outsiders than they do on those of their own professional staff.
    Last edited by nihil; January 30th, 2009 at 12:00 PM.

  5. #5
    Member bradlesliect | Join Date: Apr 2006 | Location: CT - SA | Posts: 74
    nihil .... your arguments in both posts are well put and I could not have said it better myself.

    However, the problem here is that the client requires the users to have full access to their workstations in the event that apps need to be installed and I am not able to do so. In most cases I can do this remotely but there is always that odd chance that I am not able to.

    I am the outsourced IT dude and I have the task of ensuring that things run smoothly at the client. It makes my job a nightmare as I don't have the control I really want to manage this network effectively.

    I have tried discussing this before, but the fact that admin rights are required is always where the discussion comes to an abrupt end.

    I would like to know how I can "subtly" propose a more secure solution.

    I have managed to secure the router and wifi he has with some resistance but I showed him how easy it was for me to hack it from the neighbour's place and sniff the traffic leaving his network for the net.

    This guy has been my client for about 12yrs now and is responsible for the bulk of my income. I am looking to perhaps have a situation where the user has "superuser/power user" access which allows him to install but not uninstall and no access to change any Windows settings.

    Cider - There is no need for a DC...too much work...too expensive and not needed. Client wants a "keep it simple stupid (KISS)" environment. I would love to have an AD with roaming profiles .....gives me more control ...but it ain't gonna happen

    Moving along....back to the drawing board...

    I came across this application - Security Administrator. Anyone know / heard of it?

    http://www.filesland.com/companies/I...nistrator.html
    .....I rather not say....

  6. #6
    AOs Resident Troll | Join Date: Nov 2003 | Posts: 3,152
    How many computers are we talking here???

    "Cider - There is no need for a DC...too much work...too expensive and not needed. Client wants a "keep it simple stupid (KISS)" environment. I would love to have an AD with roaming profiles .....gives me more control ...but it ain't gonna happen"
    Have you done a cost analysis comparing the cost of support versus a server...with centralized files\storage\mail and backup....or the cost of the downtime due to all this fiddling???

    The MS Small Business Server is not expensive

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #7
    Senior Member nihil | Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,190
    Hi Brad,

    Firstly let me offer you my heartfelt sympathies, in fact that probably should read empathies.

    "This guy has been my client for about 12yrs now and is responsible for the bulk of my income."
    Ah! that bit I did not appreciate, hence the apparent stupidity of my earlier responses. I would regard you as a "consultant" rather than an outsource.

    A few more questions:

    1. Are all these computers on the same site?
    2. Where is/are the server/s?
    3. Is there anyone who is really computer literate onsite(s)?

    I know that they all think that they are the cat's pajamas when it comes to IT, but is there anyone who might be able to hack it for real?

    I would suggest looking for a few "trusties", and allow them rights, whilst removing them from the others. If it is a single site or discrete sites that should work? I hope we are mostly talking desktops here?

    The first thing I would go for is to secure your server(s). They should only be accessible by you and one other "trusty" (in case someone buys me a Musgrave and a ticket to Cape Town).

    My point is that if you assign responsibility you drive a wedge between the little anarchists? And politically it is a very good move, because you make selected people feel "special".

    Your client feels that all eventualities are being covered, and at least you would have regained partial control?

    Please give me the additional information I have requested and I feel that we can move forwards?

    Cheers,

    P.S. Please remember that I am from England............ the guys who brought you the Boer War

  8. #8
    Only african to own a PC! Cider | Join Date: Jun 2003 | Location: Israel | Posts: 1,683
    Another Capetonian, how absurd!

    Brad, what company is that so I can hack it
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  9. #9
    Senior Member nihil | Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,190
    What I didn't mention is that I have used the create a local superuser approach in the past and it works.

    If you cannot do something remotely you can talk them through things over the phone. Also you don't need to monitor who is making changes because you already know?
