Tracking when a user has logged on
Email security, Employee monitoring, Exchange security, Exchange user settings, Login scripts, Password management, Tracking user activites, User monitoring, User Permissions, User restrictions, User tracking
As we are having the following problem in the office (small company without an IT person) I was wondering if it is possible to find out when someone last logged on to their PC.
System details
Email: Exchange server (externally hosted)
PC OS: XP
Productivity SW: Office 2007
Issue
Someone is logging on to a PC and looking through the mail archive saved to the local drive of the PC. They then change the time and date of the PC (using the tool that you get to by double clicking on the time at the bottom right of the screen) and send email that the PC's user has previously received or sent (mostly personal, but some business email as well). Because the PC is not logged on to Exchange these emails only wind up in the out box to be sent, rather than being sent immeadiately. They do however, wind up with a date and time stamp that reflects the changes that the person made. E.g. Even though they access the PC on Sat at 3pm, they change the dates to Monday at 9am and this is what is recorded on the emails in the out box.
What happens next is that when the user of the PC next logs on to Exchange the emails in the out tray get sent without them noticing it. Because the person doing this changes the date and time to the time that the user will next be in the office it looks as though the user is sending these emails.
We figure that if we can check when the PC has previously been used we may get a better idea of who is doing this.
Any ideas would be great.
Kind thanks
Software/Hardware used:
Software/Hardware used:
ASKED:
December 18, 2008 8:44 AM
UPDATED:
February 4, 2009 3:59 PM
RELATED QUESTIONS
Answer Wiki:
You might want to try installing programs such as <a href="http://www.track4win.com/">Track4Win</a>, <a href="http://www.tropsoft.com/winvestigator/">Winvestigator</a> or <a href="http://www.remotespy.com/">RemoteSpy</a> for remote monitoring of the computer's usage activity in real-time.
Good Luck!
-Flame
To see all answers submitted to the Answer Wiki: View Answer History.
Are you in a domain or workgroup? Is the computer running XP Home or XP Pro? Do you have password requirement to logon to your computers? If you are looking to find this information now, and did not have logging enabled, I don’t think you will be able to determine who was logged on. However, you have not provided the necessary information to make this determination. Let us know more details and I can give you a better answer.
First thing, have the user change their password to a strong password and make sure they do not write it down.
Do you have security logging enabled on the system? If not, enable logging adding successful and failed logins to tracked events. This will let you know what IDs logged on when and who is messing with the system.
Does everyone have local admin on systems? If so, then it they are bent on malicious activity, it will be hard to catch them. Restrict local admin access on the system in question and change the local administrator password.
If you want, restrict access to the PST file so that only the proper user has access to the file. Once again, admin rights trumps all.
If you are in an AD domain, ensure that successful and failed logins are tracked. This is tracked on the domain controller that the system connected to during login. That means you have to check the log of each domain controller.