[twig123]

Hi all, I have a unusual request.
I am having a problem with one of my employees tampering with work PCs, but I can not crack down on him unless I have proof. So, do any of you know of a good Silent PC monitoring or key logger software ... so that I can catch him red-handed?!

Thanks in advance.

[nitroshift]

What exactly do you mean by "tampering"?

[Jeremy]

Why don't you have a network administrator and have all the PCs setup with strict user permissions on limited accounts so people can't do crap like that? if your employee is breaking policy or whatever, then it's probably time to have a 1-on-1 with them or find another employee.

This post has been edited by Jeremy: 15 January 2007 - 12:12 PM

[mark]

Jeremy, on Jan 15 2007, 01:11 PM, said:

Why don't you have a network administrator and have all the PCs setup with strict user permissions on limited accounts so people can't do crap like that? if your employee is breaking policy or whatever, then it's probably time to have a 1-on-1 with them or find another employee.

Well, if he is like us, then the company is to small to have a sys-admin or even someone who is trained in computer related things. We don't need our comps strung together. I prefer them to be unconnected so any problems on one are isolated. Written or verbal rules should be enough in the way of guidelines on the use of company comps or even one's own personal ethics. If someone is not trustworthy, then they are not worth having as employees. Mistakes aside, I trust the guys I work with 100%. I am guessing twig123 is in need of a legitimate reason to get rid of the employee.

Now to what nitroshift asked. Answere?

DL

[Jeremy]

Ah, I didn't think of that. My apologies for jumping on that.

[ringfinger]

Tampering sounds like hardware related, but I doubt thats the issue. As far as the software side there are many options out there now-a-days... I've used an app called 007 Spy Software and found it to be very useful in catching people ... however it costs a little money, someone else may have other solutions that are free... if this is indeed even your problem.

[twig123]

Thanks for all the responses.

Yes, basically I only have a couple ppl in my shop, and I came in one day and found it infested with virii and adult material on the system... as well as customer data backups were deleted. I am almost positive of who it is, but hopefully some of this software will help me catch the bandit red-handed... then I have a valid reason to let him go... and not be able to collect unemployment.

[Jeremy]

I've used this keylogger before. It will do the trick. Assuming this employee is not expecting to be caught thus they won't check the Task Manager for the process. But if all this individual is doing is surfing porn and deleting company files then I doubt they'd know what to look for in Task Manager.
There are other keyloggers that will take screenshots at intervals and e-mail them to you as well, but I don't know if they are freeware. Just Google for keyloggers.

[LLXX]

Hardware keylogger *in* the keyboard or inline in the keyboard cable.

I doubt your victim is checking the hardware, but checking the software is quite simple.

[Jeremy]

LLXX, on Jan 17 2007, 04:25 AM, said:

I doubt your victim is checking the hardware, but checking the software is quite simple.

For you and me and many other "techs" here, of course. But not necessarily for someone too focused on looking at porn and deleting company data. Besides, he could just rename the file "svchost.exe" and no one would notice, since there can easily be 5 or 6 of these in the Task Manager with default Services config.

[Ludwig Von Cookie Koopa]

Well you can do many things for that situtation.

Generally if your in a store like Radio Shack you could put a hidden camera behind the wall.
I forget this great mod site to buy hidden cameras. Ask the admin "WeaponX" about buying hidden cameras in the "Nintendumps.net" fourms.

The camera could be a radio or clock on the wall.

Then again you can block any websites that the person has been visiting in the Internet Options and put a pass key on it.

you can call a small meeting after removing the material and blocking stuff on the pages. The meeting will be that Somebody has been messing around with the computers and I am not going to blame anybody but if I find out that if anybody has been messing around with the computers in the wrong way then I will have to give you a strike and even withold pay.

About getting rid of viruses you will need something like Noadware. I am not going into that now.

[Jeremy]

Ludwig Von Cookie Koopa, on Jan 18 2007, 01:07 AM, said:

About getting rid of viruses you will need something like Noadware. I am not going into that now.

Avast (freeware anti-virus)
Kaspersky (payware anti-virus)
Ad-Aware, Spybot, Windows Defender, HijackThis log file *attached to the post*

Or you could just reformat it.

[mark]

twig123, on Jan 15 2007, 07:15 PM, said:

Thanks for all the responses.

Yes, basically I only have a couple ppl in my shop, and I came in one day and found it infested with virii and adult material on the system...

Smack their hands and scold them.

Quote

as well as customer data backups were deleted.

Fire them.


DL

[ringfinger]

DL, on Jan 19 2007, 04:54 PM, said:

Fire them.


DL

Indeed... lol

[LLXX]

DL, on Jan 19 2007, 04:54 PM, said:

Fire them.

Agree.

[PC_LOAD_LETTER]

setup a proxy server (squid and SARG) and pipe their net connection through it -then you have an exact log of what sites they visited and the times

we use that to restrict/monitor our computer labs

we have also used a piece of software called desktop detective that works quite well. Its not free but its not expensive -contrary to what youd think by reading the google results it os NOT malware but it IS SPYware. you can make it send reports/screenshots to you via email or if you can connect by ip to the machine directly, you can view the activity real time and see a screenshot every few seconds.

there site used to be http://www.bitlogic.co.uk/ but it looks like they might be defunct

[Idontwantspam]

You may want to look at using something like Windows Steady State, DeepFreeze or some other software to reset things when stuff gets messed up. Also, at least some form of filtering would probably be good. You might also want to look at using some level of group policies.