I am a student at school, I have an administrator account because I have taken a senior internship with the IT director. Now being a student, I know much more that goes on with kids trying to break the security to our network, I want to know if their is a way to see what users/administrators are doing when they sign in. I know about event viewer which is helping me cause I am slowly piecing together a user who is logging on as his name and I suspect he used a keylogger because an administrator account is logged on right after his account almost every time so im suspecting he has got the password, however I myself know administrator passwords because teachers pick them for themselves and they are usually incredibly simple so the kid might have just looked over a teachers shoulder. However can I see what he is doing, what files he is looking in, if he is copying or deleting any files? I heard about XP tracking and I know our schools computer use XP, I am using the geedit command now to view the setup of tracking but is there any other way to see what users and administrators are doing when they log on? Our computers are all on our school network, I am going to talk to the IT director tomorrow if she is in our building( she switches between the elementary, middle, and high school alot so i might have to email her) But I am almost certain that this kid has accessed an administrator account and I want to fully prove it, please help!!!!! Also he is kind of my friend and I do not want to rat him out, I think he is just doing it to do it and prove he can, I dont think he is hurting anything but again I need to prove that. Thanks any help is appreciated.
there's of course tons of monitoring software, which will capture screenshots at any given interval, there's software like gfi endpoint which will monitor file transfers to any medium, etc. most of these have trials if you're just looking to catch one person.