RE: Spying in a corporate environment

["Mario DeBono" <mario.debono () global net mt>]

If you have a 2003 domain enforce group policies and restrict access to
certain windows components. I presume even if a user has admin rights on a
pc, he should not be able to over right the group policies, if he is not so
keen to remove the policies from the pc himself.
The best practice is to download by scripts the pc setup every often,
download logs, take snapshots of the cookies directory and "program files"
and if u can copy the ntuser.dat as it has all activity of the user on the
pc and monitor by scripts the "Temp Internet directory", you will be
surprised what you find there.
If you can, do enforce proxies as these have all internet activity logged in
them and it makes it easier to track those "idiots" that makes you the day a
problem at work. I use some of the above and others and I found naughty
users with them. Automate the process, that is important.
Then you can go for more elaborate things, but that is up to yourself, that
even if a user is an admin, you can trace him. If you know how and have the
right tools and TIME you can trace all user activity no matter what.

----------------------------------------------------------------------------
----
The information in this e-mail, and any of its attachments, are strictly
private 
and confidential and intended solely for the person or organisation to whom
it 
is addressed. If you are not the named addressee or if this transmission has

reached you in error, you must not copy, distribute,or make any use of it 
in any manner whatsoever.  If you have received this e-mail in error, 
please notify the sender immediately and then delete this e-mail.
 
All Email(s) sent from this account are virus scanned.
----------------------------------------------------------------------------
----
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Ansgar -59cobalt- Wiechers
Sent: 21 November 2007 18:00
To: security-basics () securityfocus com
Subject: Re: Spying in a corporate environment

On 2007-11-20 Col wrote:
> On Nov 20, 2007 11:25 PM, Murda Mcloud <murdamcloud () bigpond com> wrote:
> > You could always set exceptions to the spy software in your AV
> > solution.
>
> the thing that bothered me with this, a lot of users have admin
> rights, so they could run another program we don't have control over.

As long as they have admin rights you don't have control, no matter what
you try.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq