cd_uk

ctrl + alt + del and press Lock...Instant lockout, unless he knows your password...but the vnc idea is good proof and a mind settler I guess.

[Edited by cd_uk - 9/5/2002 7:33:50 PM]

V5

Bob, if you think he knows the admin pwd then when you lock your puter, leave some applications running. If he unlocks as administrator he will force these apps to close. Then when you log back on, you can check if they're running. If they aren't, someone has been on your puter.

Edited to add - don't forget to save any work in progress before doing this!!

[Edited by V5 - 9/6/2002 9:13:04 AM]

BOB.T

..... snooping round your pooter at work, what would you do?

I think someone might be using my pooter whilst I'm not there, I've seen him use another machine (not his) whilst it's operator was out, when I quizzed him about it he closed everything off and was really sheepish about it! We never had to worry about security before but since then I've changed my password and set the thing to lock with the screensaver, I also log off before leaving. Once, after brewtime I came to my machine and it was at the password screen, rather than the ctrl, alt, del screen?

Is there any way of tracking the last thing the pooter did, sort of like a flight recorder I guess? I'm more bothered about him changing something in our database and me getting the blame than anything else, in fact, there's nothing on my pooter that I wouldn't show mi mum

It's a shame it's come to this but if he is doing summat I wanna know so I can take action, at the moment I don't really have any evidence.

Cheers, Bob

PS, I'm not sure if he knows the administrator code?

Apple

Not sure about tracking Bob, but if you're using MS Office toolbar, set up the screensaver icon so that it comes on instantly (well, with a few secs) after being clicked rather than waiting x mins - gives him less chance to catch the pc before he can get on and stop the screensaver activating...

Apple

Apple

PS he's not trying to incriminate you or others by surfing some "dodgy" sites to get them on your system and then just happen to flag them up, is he?

Has he got a red face and hairy palms when you catch him or is that stereotyping


Apple

bashful

I'd find some keystroke-logging software, usually used for password sniffing, although if (as it sounds) you've got NT/2KP/XP you may need rights to install it.

Other obvious things would be last-used document lists in Office apps and browser history / cache investigations.

mega_stream

Set up VNC on your PC and leave it running, then go to lunch, but really go onto another PC in another office.

Then log onto your PC using VNC, sit back and watch what the heck is being done on your PC

A fun way of seeing what's happening

BOB.T

Right, I don't use office, have it but have never used it! The pooters are all on Windows 2000. We only have the one office and just enough pooters to go round the 4 of us!

I've not noticed anything in the internet history? The thing that worries me is that we all log onto a big database and have our own ID's, which we can't alter from here, basically he could **** summat up in the database from my machine and it would look like I did it, he could "notice" it, claim the glory and get further up the boss's *** than he already is!

I've started locking mi draw aswell, seen him do that trick too, don't want mi choccy biccies gettin nicked oh yeah, it really annoys him if I get to the office before him too, we start at 9, I have to get there for at least 8.40 to beat him, well worth it tho

BOB.T

bttt

MarkO

The VNC idea is good. Then once you've caught him, open up a notepad screen and type in 'I know what you're doing' in front of his eyes. Should scare him off.

Dream Weaver

VNC is defo the way to go - very cool

super_si

set up a keylonger n see what there after,

also on 2k just before u go , clear the recent folder

nigelward

Report them, I wouldn't mess around with something like this especially if privileged access to a database is involved.

RVeiga

use this

http://www.xyloc.com/products/solo/solo.html

RVeiga

use this

http://www.xyloc.com/products/solo/solo.html

BOB.T

ok, I now log off if I'm gonna leave my machine for more than about ten mins, can't do the VNC thing because we don't have a spare pooter...or office for that matter! Haven't a clue what a Keylonger is or how I would clear, or even find the history thing The xyloc thing sounds cool but I can't afford it and it would deffo cause an upset, not that I don't want an upset, just need some proof first

Would I be right in thinking if he knew the administrator password that would get round my password?

David_Wallis

either way you wont be able to see what he has been doing as you will be using different profiles... ask your domain admin to restrict his logon to his own pc..

David

chiark

Are you a local adminstrator on the machine in question? If so, you can deny his username the right to log on locally...

beemerboy

also chyeck your document history in start/documents... this might show what files he/she's been accessing.

keep all private stuff passworded (word/excel etc)
just use the save options - file / saveas / tools etc (office 2000)
cant remember office 97, but the principle is the same...

that should pi55 then off.

good luck...

BB

David_Wallis

Again this wont work if they are logged in as a different user due to profiles.

David

boomer

Bob,

you need something like a...

http://www.007spys.com/monster/commputer_KC.htm

to find out what they are doing!!!

Do a search to see if you can find a cheaper UK source though.

mb

Scooby Snax

have you knocked him out yet?

or remove the keyboard when you leave and place a manky old one in its place and cover it with superglue. When u get back if the fool has a keyboard stuck to his hand u know its him....

ill get my coat

LeeMac

iTrader: (1)

or
http://www.softactivity.com/

BOB.T

Think this is gonna come to fight soon!

A colleague had left his machine on but locked, when he came in today it was off and when he reached the password screen the username was administrator, not....... He's quizzed the boss about it and he says "maybe the power went off and your machine is set default to admin...". This doesn't add up though because his is the only machine to be affected plus we just recreated th circumstances and got different results. The spooky, or not so spooky thing is, the "suspect" was in yesterday, alone.

There's gonna be words this afternoon, I think some may even be heated!

Bob

Robertio

iTrader: (1)

Bob, if you log into the database seperately then don't worry about it, unless he knows your password to connect to the database (in which case it wont matter whether he is using your machine or another) it wont record the changes against your user id, but the one he uses to connect.

If you want a key logger let us know, I'm sure I could throw one together which you can just copy onto your machine, so even if you don't have admin rights it will work. Or if you just want to annoy him I could put together a login screen program that you could run when you leave the machine - he'll think he can just login as normal and it can sit there and reject his password before bringing up a 'your account has been locked, contact your system administrator' message, lots of worried looks for the rest of the day . Or any other nasty little utility you can think of

David_Wallis

They dont default to anything... Just what the last user that logged in was or nothing..

David

Foot_Tapper

Bob, whoever this guy is; he sounds like an amateur.
If he knew his stuff, he could probably have acheived his goal by logging onto your machine remotely. In which case he would have
done his dastardly deed.
If your database is on another pc/server on the network; it will
require authentication to use it. He would have to log in as you; obviously to make it appear as if you had done the work. He could probably do this from his own pc. In which case he would have to know your password; he could then change your password, then log on as you; do his work; change your password back to what it was
originally.
The only reasonable explanation to be logging onto individual pc's; is for locally stored data.
Sorry , ive just added to the confusion.

BOB.T

I like the sound of that programme Rob, I think I would lock myself out though

David, that's what I thought and what we proved at lunch time with our secret test..... ok we just pulled the plug out to simulate a power cut

FT, he does know my password to the database, we all know each others, a tad pointless you might say! It was done more so that we could trace who had entered the data rather than security issues. He did know the password for my machine, till I changed it RE the locally stored data, there is absolutely nuffink on there that shouldn't be and nothing that's of use to him or that I wouldn't let him have, if he asked, this is why it's puzzling me so much

Anyway, I've told my boss about it today, will see what develops, not a lot I should imagine will have to stick to laying things out on mi desk in precisely marked positions

Bob