I am a student at school, I have an administrator account because I have taken a senior internship with the IT director. Now being a student, I know much more that goes on with kids trying to break the security to our network, I want to know if their is a way to see what users/administrators are doing when they sign in. I know about event viewer which is helping me cause I am slowly piecing together a user who is logging on as his name and I suspect he used a keylogger because an administrator account is logged on right after his account almost every time so im suspecting he has got the password, however I myself know administrator passwords because teachers pick them for themselves and they are usually incredibly simple so the kid might have just looked over a teachers shoulder. However can I see what he is doing, what files he is looking in, if he is copying or deleting any files? I heard about XP tracking and I know our schools computer use XP, I am using the geedit command now to view the setup of tracking but is there any other way to see what users and administrators are doing when they log on? Our computers are all on our school network, I am going to talk to the IT director tomorrow if she is in our building( she switches between the elementary, middle, and high school alot so i might have to email her) But I am almost certain that this kid has accessed an administrator account and I want to fully prove it, please help!!!!! Also he is kind of my friend and I do not want to rat him out, I think he is just doing it to do it and prove he can, I dont think he is hurting anything but again I need to prove that. Thanks any help is appreciated. I posted this on 3 threads which I can imagine is against forum rules, but its really important this gets solved cause administrators have access to every other administrator file, which are the teachers file so gradebooks.
Ok, this sounds a bit gray for here. I'll send you to get the information to only show Who got to specific files and folders, not everything they did on the network. That would be user tracking and even some of your higher-ups may get upset if you tracked their every move. If you think someone has gone too far, this will show it by auditing access only to those areas you set up to show persons accessing this area of the network. You can have a list built of persons accessing and see if your friend shows up on the list... or not.