Nothing in the security logs and nothing in the system log for as far back as it goes. We do have an admin equivalent account on each machine but he shouldn't have the password for that either. I'm actually reimaging his machine tomorrow but I wanted to see if anyone had advice for auditing this in the future.
He's installed everything from Firefox 3 to XP SP3. Nothing that shouldn't be there but we want to be the ones doing the installing (after testing and such.) He's only in town once a year so this is my opportunity to change things up if need be. - Andy O. >-----Original Message----- >From: James Winzenz [mailto:[EMAIL PROTECTED] >Sent: Tuesday, October 28, 2008 10:15 AM >To: NT System Admin Issues >Subject: RE: Alerts on Install or Elevation of Priviledges > >Well, you'd have to have access to his event logs on his computer - >might be a bit more difficult since it is not on the domain, unless you >have the administrator password or you have an administrative account. >But you should be able to look for a couple of things: 1) in the >security log, you could look for logins by the administrator and 2) in >the system log, there should be some entries when an application is >installed. You might also check the local users to see if there is >another admin-equivalent account he might be using . . . ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
