Ask the Expert

How can I figure out who is tampering with my system?

Is there a way for me to set my system up to log or identify who and what time someone is tampering with my system when I'm not around?
You need to set up auditing. Auditing can be configured to record logon success and failure, privilege use, file and object access and more. Events are recorded in the security event log. You will need administrative privileges to do so. Audit for a local computer is configured from the Administrative Tools, Local Security, Policy Security Settings, Local Policy, Audit Policy. Audit for specific files and folder access is configured from the security tab of the specific file or folder. Here is a good reference article.

This was first published in August 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: