Monitor the IT Department? 1

[overdraft015]

how can i monitor the IT departments actions on the network/server

ok heres the story behind it.
i noticed that 1 user hasnt been loggin on/off the network with the network cable in meaning that their profile hasnt been updated. so i asked her if she is having problem. she is a memeber of the human resource department and has been doing it on purpose as she thinks people can then have access to her files on the server (true only for the IT department - i.e. ME)
So my question in more depth is how can i assure her by proof that i havent been in her profile and copied/read any sensitive information etc....

can this be done? we are running a windows 2003 domain with xp pro clients.

 

[TheLad]

Where is she storing the files that is in a more secure location than your fileserver? I hope not on her workstation which is probably the most insecure location in your infrastructure.... well that and a memory stick that could get lost or damaged quite easily..

I had a chap that was like this, used to store all his files on his workstation. He had changed the local admin userid and password too. So I turned up with an ERD disk, took me 5 minutes to get into his workstation much to his horror...

People have to have faith in their IT department. Files are stored on a server so that they can easily be backed up and restored should an issue occur. A disk failure in her workstation or the loss of an external storage device could mean dire consequences for your company, maybe she should realise that instead of being insecure. Or is she trying to hide something about you

--------------------------------------
"Insert funny comment in here!"
--------------------------------------

 

[TheLad]

Oh and btw, I work for an MOD company in the UK so I am used to having access to privilaged data and not abusing my rights... lol

--------------------------------------
"Insert funny comment in here!"
--------------------------------------

 

[overdraft015]

thats exactly what i thought and said to her "you just have to have faith and trust the IT" she qiuckly said oh yeah of course i do. i think she has all the data on the network except for the data she needs to access often when not in the office) we do use encryption for any portable devices. i just thought i would ask if anyone had implemented anything of know of any software that could do this.

if she cant trust me then i am working for the wrong company. end of the day i wouldnt risk my job by just being nosey.

Thank you for your comments. and good to know that the MOD has some trustworthly people in it's team

 

[TheLad]

Well it wasn't me that left laptops lying around on pubic transport or lost CDs with personal data on, hang on they were users that done that not the IT Department

--------------------------------------
"Insert funny comment in here!"
--------------------------------------

 

[58sniper]

Keeping a profile open doesn't do anything for her.

I tell people that while I/department have access to files on the network, including those on workstations, I have much better things to do with my time, as well as ethics, that keep me from looking.

I always use a GPO to set the local admin password on workstations, so if a user somehow gets rights to change the local admin password (I *rarely* have users with local admin rights), it's only good till the GPO comes by again and steamrolls right over it.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[timmoat]

I tell people that while I/department have access to files on the network, including those on workstations, I have much better things to do with my time, as well as ethics, that keep me from looking.

That is exactly my response.

Typically at the urinals of every christmas party I have the standard

"So you can read all my emails yeah?"

Technically yes. Do I have the time/inclination... no!

 

[58sniper]

When I'm asked *why* I have access to do that, I tell them that I can't support a system I don't have access to. If they expect me to be able to fit it when they call, I need to be able to access it. They generally see the point, and go about their day.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[TheLad]

I find that it is usually people who think and act above their station that question the role of the IT Department

The normal folk are usually grateful for the help and assistance they receive.

--------------------------------------
"Insert funny comment in here!"
--------------------------------------

 

[overdraft015]

you've hit the nail on the head with that one. she think she runs the company and she is only the HR manager.

 

[Hondy]

ask her how she can prove that she isn't gossiping with the information she holds about you and the rest of the IT dept! - Why are HR more trustworthy than IT?...

 

[TheMisio]

Overdraft015,

You can set up Object Access audit on her share and select Success/Failure.
This way any access to her folder of fillies within the folder will be recorded in the event log. You set up auditing via GPO.

Regards,

Michael

 

[allywilson]

You could also show her how to password protect her files (I'm assuming she'll be a heavy Office user) - not the best protection I know. Failing that, show her how to zip everything and put a password on that too. She'll think she's heavily protected (throw around the old 1024-bit hydra encryption technique - or make up a better one ;-).

 

[58sniper]

Password protected zipped files will trigger some AV solutions, and are generally very easy to compromise.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[baddos]

I had a user tell me I read every email that comes in and filter it to the right mailboxes once. LOL

 

[58sniper]

Because you have nothing better to do, right?

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[TheLad]

I personally think that people get paranoid because they have something to hide...

--------------------------------------
"Insert funny comment in here!"
--------------------------------------

 

[lhuegele]

It's not worth it. People will believe what they want about others. Just remind her that her computer and what's on it belongs to the company, and it's your job to protect that property, not hers. Any more time spent on this than that is a waste of time, especially if you don't report to this person. <smile>

Good luck,

 

[Hondy]

I'm thinking you wont actually get any useful solutions to this because your HR person is just wrong and what they are asking is just pointless and everyone on here seems in agreeance with that.

You said she is a "member" of the HR dept, presumably that means she has a boss, explain it to her boss and just get her off your case as she clearly doesn't "get it" - every department is the same, you don't go poking around your Accounts files, HR is just another dept.

 

[gbaughma]

I find it interesting that you're running a domain, but you allow a user to log on locally and still have access to network facilities (shared folders, printers, internet)....

I also find it interesting that she has the authority to log on locally (in other words, she must have the local machine admin password?)

But, that being said, you can do this;

Set up a folder for her on your server, and give her account access to it, and explain it to her while you are doing it; that should put her mind at ease. If necessary, have someone else "try" to get into her folder while she watches.

But, as I mentioned above, it sounds like you have some security issues to start with....



Just my 2¢
-Cole's Law: Shredded cabbage

--Greg

http://parallel.tzo.com