How can I figure out who is tampering with my system?

Is there a way for me to set my system up to log or identify who and what time someone is tampering with my system when I'm not around?

You need to set up auditing. Auditing can be configured to record logon success and failure, privilege use, file and object access and more. Events are recorded in the security event log. You will need administrative privileges to do so. Audit for a local computer is configured from Administrative Tools, Local Security Policy, Security Settings, Local Policy, Audit Policy. Audit for specific files and folder access is configured from the security tab of the specific file or folder. Here is a good reference article.
This was first published in August 2002
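
As an added example (not part of the original answer), the following PowerShell enables logon auditing from the command line and then lists who logged on, when, and from where. It assumes an elevated prompt on English-language Windows Vista / Server 2008 or later, where `auditpol`, `Get-WinEvent` and event IDs 4624/4625 are available; the seven-day window is an arbitrary choice.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumes Windows Vista / Server 2008 or later (English subcategory names).

# 1. Record both successful and failed logons in the Security event log.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable

# 2. Review logons from the last 7 days (window chosen for illustration).
#    4624 = successful logon, 4625 = failed logon.
$since = (Get-Date).AddDays(-7)

Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4624, 4625
        StartTime = $since
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read the event fields by name from the event XML rather than
        # by position, since field order differs between event IDs.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Result    = if ($_.Id -eq 4624) { 'Success' } else { 'Failure' }
            Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType = $data['LogonType']
            Source    = $data['IpAddress']
        }
    } |
    # Keep the logon types a person produces: 2 = console, 3 = network,
    # 7 = workstation unlock, 10 = Remote Desktop. This drops service
    # and batch logons, which would otherwise dominate the output.
    Where-Object { $_.LogonType -in '2', '3', '7', '10' } |
    Sort-Object Time |
    Format-Table -AutoSize
```

Entries that fall in hours when you were away, or failures followed by a success for the same account, are the ones to look at first.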
