Possible to track user's file system usage?

TheMSsForum.com: The Microsoft Software Forum

Hello,
We have a top level employoee who has given his 2 week notice. The president
of the company came to me becuase he is worried that this employee will
'steal' information over the next two weeks. Now likely if he were going to
do that, he already would have before putting in his notice. It is important
to the company that he trains his replacement over the next two weeks, so
they'd rather not terminate him immediatley.
So my question is, is there a way (or 3rd party product) in Windows
2000\2003 to capture\audit what files a user copies from network drives to
his local computer?
Thanks!
Top

RE: Possible to track user's file system usage? by Pandaman

Pandaman
Mon Mar 20 11:57:32 CST 2006

My reply is at the bottom of your message :

"-=gu=-" wrote:

> Hello,
> We have a top level employoee who has given his 2 week notice. The president
> of the company came to me becuase he is worried that this employee will
> 'steal' information over the next two weeks. Now likely if he were going to
> do that, he already would have before putting in his notice. It is important
> to the company that he trains his replacement over the next two weeks, so
> they'd rather not terminate him immediatley.
> So my question is, is there a way (or 3rd party product) in Windows
> 2000\2003 to capture\audit what files a user copies from network drives to
> his local computer?
> Thanks!


Hello ! I am not specialist for corporate networking and thing like that . I
have never heard of application that can say what software/files has been
copied *but* I do belive your request is not strictly connected to computers
and IT .
It is more like company / personal problem and I belive these should not be
passed by this way .
May be someone else will help you ! :)

Feel free to contact the Community again !

Panda_man
--
Prevention is always better than cure !
--
My web page:
http://pandaman.my.contact.bg
Learn how to protect your computer:
http://www.microsoft.com/protect
Please , rate posts
Top

Re: Possible to track user's file system usage? by Steven

Steven
Mon Mar 20 17:59:29 CST 2006

You can enable auditing of object access on his computer and then audit
write permission on directories on his computer that he has write access to
which would be at least his user profile though this is far from a user
friendly process. If you decide to do such be sure to increase the size of
the security log on his computer to at least 20MB and understand he could
bypass auditing by writing directly to removable media such as an USB drive.
My experience in management and with people is that if they are honest and
trustworthy they will be that way till the end particularly in an
environment where employees are appreciated and treated fairly along with
being held accountable. If they are not then they already got what they
want. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;300549
http://www.microsoft.com/technet/security/topics/auditingandmonitoring/securitymonitoring/default.mspx

"-=gu=-" <gu@discussions.microsoft.com> wrote in message
news:834E73B4-B734-4CEC-B08E-4AF924CBCD3C@microsoft.com...
> Hello,
> We have a top level employoee who has given his 2 week notice. The
> president
> of the company came to me becuase he is worried that this employee will
> 'steal' information over the next two weeks. Now likely if he were going
> to
> do that, he already would have before putting in his notice. It is
> important
> to the company that he trains his replacement over the next two weeks, so
> they'd rather not terminate him immediatley.
> So my question is, is there a way (or 3rd party product) in Windows
> 2000\2003 to capture\audit what files a user copies from network drives to
> his local computer?
> Thanks!


Top

Re: Possible to track user's file system usage? by Roger

Roger
Mon Mar 20 23:24:50 CST 2006

If you have not previously set up auditing then what has happened
has without trace. If you want to try following through lots of logs
you could set a access audit for that user only on each and every
source of concern (one audit ACE set at each root and inherited
to entire substructures). As Steve has pointed out, attempting to
audit at the workstation probably would no do much (use different
machine for example).

"-=gu=-" <gu@discussions.microsoft.com> wrote in message
news:834E73B4-B734-4CEC-B08E-4AF924CBCD3C@microsoft.com...
> Hello,
> We have a top level employoee who has given his 2 week notice. The
> president
> of the company came to me becuase he is worried that this employee will
> 'steal' information over the next two weeks. Now likely if he were going
> to
> do that, he already would have before putting in his notice. It is
> important
> to the company that he trains his replacement over the next two weeks, so
> they'd rather not terminate him immediatley.
> So my question is, is there a way (or 3rd party product) in Windows
> 2000\2003 to capture\audit what files a user copies from network drives to
> his local computer?
> Thanks!


Top

RE: Possible to track user's file system usage? by gu

gu
Tue Mar 21 08:19:29 CST 2006

Thank you all for your responses! I think we will just let the two weeks pass
and hope for the best. The user is in Vancouver and we are here in
Philadelphia. Thanks again!

-=gu=-
Top

RE: Possible to track user's file system usage? by e

e
Thu Mar 23 09:56:28 CST 2006

There is a product from Quest software "InTrust" we us it to verify access of
files and applications on a security WG server within the company... works
well... produces very good reports... and it can be demo'd for 30 days.

"-=gu=-" wrote:

> Hello,
> We have a top level employoee who has given his 2 week notice. The president
> of the company came to me becuase he is worried that this employee will
> 'steal' information over the next two weeks. Now likely if he were going to
> do that, he already would have before putting in his notice. It is important
> to the company that he trains his replacement over the next two weeks, so
> they'd rather not terminate him immediatley.
> So my question is, is there a way (or 3rd party product) in Windows
> 2000\2003 to capture\audit what files a user copies from network drives to
> his local computer?
> Thanks!
Top

Re: Possible to track user's file system usage? by Scherbina

Scherbina
Tue Mar 28 11:19:39 CST 2006

Also if that person uses VSS or simular products then you should pay
attention to access logs of programs, because resources are located not only
in local drivers ...

--
Vladimir
http://spaces.msn.com/vladimir-scherbina/

"-=gu=-" <gu@discussions.microsoft.com> wrote in message
news:B34C874A-10C9-4175-AE46-744340DF7987@microsoft.com...
> Thank you all for your responses! I think we will just let the two weeks
> pass
> and hope for the best. The user is in Vancouver and we are here in
> Philadelphia. Thanks again!
>
> -=gu=-


Top