Re: Tracking Users on SBS Network (Security) - Help!!!

Tech-Archive recommends: Fix windows errors by optimizing your registry

Eliminate the remote shutdown ability for users:

In the server manager console under GPMC go to your SBS Client Computer GP
and set the following policy:

Computer Configuration\Windows Settings\Security Settings\Local
Policies\User Rights Assignment

Double click on: "Force Shutdown from a remote system"
Add User or Group
Browse
domain admins
OK (should come up Mydomain\Domain Admins)
Apply & OK

If this person can be restricted in what folders they can access, then
download Windows Server 2003 Access-based Enumeration:
http://www.microsoft.com/downloads/details.aspx?FamilyID=04a563d9-78d9-4342-a485-b030ac442084&DisplayLang=en

If the above link breaks: www.microsoft.com/downloads and search for "access
enumeration" and it will be the top download.

When installing, do not enable globally. Select the option to enable later.

Once installed, bring up the security properties for the root of the shared
folder you are restricting and enable Enumeration.

Once you have setup the restrictions for this person, Enumeration HIDES the
folders she is not allowed to access. This goes for any user who does not
have explicit access to the folder or a deny setting against the user or a
security group the user would be in. What they can't see, can't be hurt!

Object auditing can be a bit of a headache to work with in my experience. It
also creates a bit of a burden on the system. So, if the system is older and
chugging along, it may have a hard time with object auditing.

If you have SBS Premium installed, you can set a DHCP reservation for the
machine this person uses to static their IP. Then, in ISA you can setup
restrictions on 3389 (Terminal Services) so they cannot even get to the
server against that specific IP. This eliminates the possibility of them
getting in via that method. You can setup further restrictions for various
network management protocols from that IP too.

Also, harden the failed logon policy. It comes out at 50 failed attempts by
default.

GP: Small Business Server Lockout Policy. Change the threshold to 10, and
the duration and reset to more than 10 minutes if so inclined.

Do you have an Acceptable Use Policy in place?

There are other possibilities as far as creating a Group Policy setup that
would restrict this user even further. I have had to do this on some
occasions to weed out troublesome users.

As far as monitoring, Alan is right ... a locally installed software product
would be a good way to get hard evidence of what they are doing.

Philip E.


Shutdown
<cassandramiller@xxxxxxxxxx> wrote in message
news:1177680325.872000.284880@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi All,

I am having serious problems with an employee which is causing a great
concern for the health and stability of my network. In short, I have
an employee who is getting cute and quietly trying to sabotage the
network.

Problems have been the following:

Server reports numerous attempts to log into the server by the
employee (little does she know I get reports of her login errors on
the morning server reports)

I get calls in the middle of the night from users claiming remote web
access is down. Then I find out it is due to someone turning off
their computers. I know it is her, but can't prove she initiated the
shutdown.

We have a company share folder, where files are stored. In the middle
of the afternoon, I get a frantic call from employees stating multiple
directories have been wiped out of the company share folder. After
doing a search, it is revealed that someone moved the directories deep
deep deep into a sub folder directory. So deep, I know its not
coincedental, but rather intentional. I know it is her.

I guess my question is, is there any way to track users
actions...specifically, where they move files and folders? I'd like to
get this person fired but need proof of their actions. Does SBS have
a reporting/tracking feature for this? Any help would be greatly
appreciated.

**H&K**

~CaSsIe~



.

Relevant Pages

  • Re: SBS 2003 folder redirection, offline files, ..and more
    ... Les Connor [SBS MVP] ... few of my users use the home folder for any purpose they wish, ... redirection will be set up on that PC the first time I log in and I'll ... magically see my docs on the server. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 folder redirection, offline files, ..and more
    ... Les Connor [SBS MVP] ... few of my users use the home folder for any purpose they wish, ... redirection will be set up on that PC the first time I log in and I'll ... magically see my docs on the server. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 folder redirection, offline files, ..and more
    ... Les Connor [SBS MVP] ... The challenge is to have my doc's redirection enabled for the desktops, ... >> log in at any other PC in the office and see the server copy of my>> docs - ... >>> I am familiar with folder redir, ...
    (microsoft.public.windows.server.sbs)
  • Re: Allowing Mac OSX to connect to shares
    ... Thanks for using the SBS newsgroup. ... I understand that the Mac client workstations can not ... F. Enter the IP address of the server in the WINS server field. ... Expand Group Policy Management. ...
    (microsoft.public.windows.server.sbs)
  • Re: User Profiles
    ... You can use Folder redirection for the Start Menu, ... Exactly what icons are you getting from the Default Domain Policy, ... and in which GPO setting are they defined? ... MCSE, CCEA, Microsoft MVP - Terminal Server ...
    (microsoft.public.windows.terminal_services)