Re: User event tracking




Theoretically: yes.
Practically: no

You can enable auditing of object access on your server, but then
you have to apply the audit policy to every file as well (see
"auditing" in Help and Support). While this is possible, it would
generate excessive logging in your Security EventLog and probably
cause performance problems as well.

IMHO, what you should do is to enable auditing of security events,
which gives you a record of users logging on and off, and use NTFS
permissions on your file system.

Have a look here in your policy editor:
Computer Configuration - Windows Settings - Local Policies - Audit
Policy

The idea is simple: if you make sure that users can only access
those files that they are allowed to see, then you don't need to
audit every file.
You can limit which programs users are allowed to run with Software
Restriction policy:

Using Software Restriction Policies to Protect Against Unauthorized
Software
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/maintain/rstrplcy.asp

324036 - HOW TO: Use Software Restriction Policies in Windows
Server 2003
http://support.microsoft.com/?kbid=324036
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
SQL troubleshooting: http://sql.veranoest.net
___ please respond in newsgroup, NOT by private email ___

Perry <Perry@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote on 20
mar 2006 in microsoft.public.windows.terminal_services:

Can anyone tell me if there is any auditing built into Windows
that will allow me to track what files and programs were used
during a TS session? We are new to the TS world and this has
taken off like a wildfire. The management is nervous about
sensitive data roaming around. We would like to track where
users go and what they open during a session. Any help is
appreciated. Thanks

Perry
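
An added example, not part of the original posts: once logon/logoff auditing is enabled as the reply suggests, the Security log can be reduced to one record per Terminal Services session by pairing logon and logoff events on their logon ID. The CSV layout and sample rows are constructed for this sketch; it assumes event IDs 528/538 (Windows Server 2003) or 4624/4634 (later versions) and logon type 10 for TS sessions.

```python
import csv
import io
from datetime import datetime

LOGON_IDS = {528, 4624}    # successful logon (Server 2003 / later Windows versions)
LOGOFF_IDS = {538, 4634}   # logoff (Server 2003 / later Windows versions)
REMOTE_INTERACTIVE = 10    # logon type recorded for Terminal Services sessions

# Constructed sample export; the column layout is an assumption of this example.
SAMPLE = """\
time,event_id,user,logon_id,logon_type
2006-03-20 08:01:12,528,CORP\\perry,0x3e7a1,10
2006-03-20 08:05:40,528,CORP\\svc_backup,0x3e9f0,5
2006-03-20 08:30:02,528,CORP\\alice,0x40b12,10
2006-03-20 09:14:55,538,CORP\\perry,0x3e7a1,10
2006-03-20 09:20:00,538,CORP\\svc_backup,0x3e9f0,5
"""

def ts_sessions(export_text):
    """Pair logon/logoff events by logon ID; return one dict per TS session."""
    open_sessions = {}  # logon_id -> session still waiting for its logoff
    result = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if int(row["logon_type"]) != REMOTE_INTERACTIVE:
            continue  # ignore service, network and console logons
        event_id = int(row["event_id"])
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        key = row["logon_id"].lower()
        if event_id in LOGON_IDS:
            session = {"user": row["user"], "logon_id": key,
                       "start": when, "end": None, "minutes": None}
            open_sessions[key] = session
            result.append(session)
        elif event_id in LOGOFF_IDS and key in open_sessions:
            session = open_sessions.pop(key)
            session["end"] = when
            elapsed = (when - session["start"]).total_seconds()
            session["minutes"] = round(elapsed / 60, 1)
    return result  # sessions with end=None had no logoff event in the export

if __name__ == "__main__":
    for s in ts_sessions(SAMPLE):
        print(s["user"], s["start"], s["end"] or "still open", s["minutes"])
```

Sessions that come back with no end time are the ones to look at first: the user is still connected, or the logoff event is missing from the export.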