I am a student at school, I have an administrator account because I have taken a senior internship with the IT director. Now being a student, I know much more that goes on with kids trying to break the security to our network, I want to know if their is a way to see what users/administrators are doing when they sign in. I know about event viewer which is helping me cause I am slowly piecing together a user who is logging on as his name and I suspect he used a keylogger because an administrator account is logged on right after his account almost every time so im suspecting he has got the password, however I myself know administrator passwords because teachers pick them for themselves and they are usually incredibly simple so the kid might have just looked over a teachers shoulder. However can I see what he is doing, what files he is looking in, if he is copying or deleting any files? I heard about XP tracking and I know our schools computer use XP, I am using the geedit command now to view the setup of tracking but is there any other way to see what users and administrators are doing when they log on? Our computers are all on our school network, I am going to talk to the IT director tomorrow if she is in our building( she switches between the elementary, middle, and high school alot so i might have to email her) But I am almost certain that this kid has accessed an administrator account and I want to fully prove it, please help!!!!! Also he is kind of my friend and I do not want to rat him out, I think he is just doing it to do it and prove he can, I dont think he is hurting anything but again I need to prove that. Thanks any help is appreciated.
It's a no-brainer - you have to report it to the Director whether or not she happens to turn up in the right building. You must have her mobile number or her e-mail address. How do you know she isn't setting you up to see how you react to test how you respond to responsibility?
I know its not a test, I know the kid well who i suspect is doing this, he is trouble, I guarantee he is doing what he always does, breaking into things just to cause trouble, and its always hard to turn in a friend.
It is not really a good practice peeking at someones account (eavesdropping) anyway I would suggest for a school to list the administrators, users, etc. you have to determine the users rights and privileges, the policy console is the best way to do this. You have to maintain that users should NEVER log in as administrator (this is what most IT people failed) - If you give the right resource (files) then less trouble.
You can try Windows Security Officer (google it). cheers.