Problem solve Get help with specific problems with your technologies, process and projects.

How can I figure out who is tampering with my system?

Is there a way for me to set my system up to log or identify who and what time someone is tampering with my system when I'm not around?
You need to set up auditing. Auditing can be configured to record logon success and failure, privilege use, file and object access and more. Events are recorded in the security event log. You will need administrative privileges to do so. Audit for a local computer is configured from the Administrative Tools, Local Security, Policy Security Settings, Local Policy, Audit Policy. Audit for specific files and folder access is configured from the security tab of the specific file or folder. Here is a good reference article.
This was last published in August 2002

Dig Deeper on Endpoint security management tools

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.