Advice needed please
Hi Everybody
Okay here is the scenario...
Recently I busted one of our employees for surfing inappropriate material at work. I know he has a partner in 'crime', but I suspect that this person is using some sort of eraser program because his internet cache, cookies and index file are completely clean; I may be wrong about this hopefully someone will correct me, but I thought that the index.dat file within 'Temporary Internet Files' was almost like a permanent record of a persons surfing habit.
In light of the above, the question that came to me is, is it possible to define NTFS permissions on the 'Local Settings' folder in such a way as to disallow the user from deleting files from it in the same way that you can with 'normal' user files/folders. I know that there are utilities out there that could possibly help with what I need, but in order to purchase stuff I have to go through an ordering process (I work for a charity).
I hope this is not a stupid question.
Thanks in advance.
Okay here is the scenario...
Recently I busted one of our employees for surfing inappropriate material at work. I know he has a partner in 'crime', but I suspect that this person is using some sort of eraser program because his internet cache, cookies and index file are completely clean; I may be wrong about this hopefully someone will correct me, but I thought that the index.dat file within 'Temporary Internet Files' was almost like a permanent record of a persons surfing habit.
In light of the above, the question that came to me is, is it possible to define NTFS permissions on the 'Local Settings' folder in such a way as to disallow the user from deleting files from it in the same way that you can with 'normal' user files/folders. I know that there are utilities out there that could possibly help with what I need, but in order to purchase stuff I have to go through an ordering process (I work for a charity).
I hope this is not a stupid question.
Thanks in advance.
Comments
-
RussS Member Posts: 2,068 ■■■□□□□□□□The index.dat can be deleted too.www.supercross.com
FIM website of the year 2007 -
kevozz Member Posts: 305 ■■■□□□□□□□You can erase the index.dat very easily if your on a different profile than the one being erased.
-
seuss_ssues Member Posts: 629Surely you have some type of logging enabled where you acheive "point of presence" to the internet.
Just filter the logs based on web traffic and his IP address. -
Gogousa Member Posts: 68 ■■□□□□□□□□Are you working under a domain, If you are, you can block everything with a group policy.
-
Megadeth4168 Member Posts: 2,157We use software on our Proxy server to record where everyone goes on the internet.... This can be done 2 ways... By IP Address (All static here) or by Active Directory login.
We had considered using a RADIUS for some of the same things.
Things are much easier if you are working in a domain enviroment... If not then you may have to go to every machine and set permissions. -
Judd Member Posts: 132grey fox wrote:Recently I busted one of our employees for surfing inappropriate material at work.
If you do have this in the policy, it should define what action will be taken against the user if found viewing inappropriate material. If you don't have it stated in the policy that you can monitor users activity then you don't have much to go on, and again finding evidence won't really matter.
P.S. Look in the DNS cache, I've used this one many times and regular users rarely purge this.
ipconfig /displaydns -
grey fox Member Posts: 54 ■■□□□□□□□□Hi Everyone
Thanks for the replies and suggestions.
To be honest, now that I have been able to think things over, I think trying to go after this person would be a waste of effort, so I have decided to let sleeping dogs lie. I think I was losing sight of the bigger picture because this person looked me straight in the eye and lied to me, and I let it get to me. Besides which I have been told that this person is scared of me and has been giving me a wide berth all week
On a positive note, I have been given a budget to implement content filtering. At the moment I am trying out a 1 month free trial through the manufacturers of my firewall, and it seems to be quite effective. It allows you to black list criteria and any sites that fall under these criteria are blocked and logged for inspection. We will see how this performs and take it from there.
If anybody is interested this is the link for the people who actually provide the service http://www.bluecoat.com/
Thanks once again for all your replies.