
Server logging for accountability?

So we have several servers in the US that get updated and worked on by a large number of people on a regular basis. These servers run Win 7 (our software doesn't work on Server 2008/2012), they are also not on a domain, and there is only one user on each server (so everyone has to log in with the same account). Again, this is the way it has to be set up for our proprietary software to work.

Anyway, this makes it extremely difficult to monitor who is doing what and when on these servers. Can you guys suggest a software package that forces a user to input their name when logging in (we remote in using DameWare), and forces them to fill in a change log before logging out (being in their face and annoying is the name of the game here)? It would also be awesome if we could find a utility that would take a video screen capture of everything that happens on screen while the person is logged in.

Any suggestions?
 
Security nightmare. You understand that anything you do is going to be a bandaid solution, at best, right? If someone has any interest in avoiding accountability, they'll be able to get around whatever you put in place without too much effort.

That said, I immediately thought "spectorsoft".

I might also look into some kind of webcam monitoring solution.

But again, your environment makes it really easy to avoid these solutions.
 
My immediate thought was: can't you just install Windows 2008 R2 and hypervisor Windows 7 and force it to join the domain? At least you'd have somewhat more control while being able to maintain this proprietary software.

Running Windows 7 with intended Server tasks and in that way just sounds hellish and an epic blame game to follow when SHTF. If it's your proprietary software, my first reaction would be kicking management to get on the developers to add support to a more robust system for you to manage it.
 
Yea, you're absolutely right, it's a nightmare, it's driving me nuts! I spend half my working hours tracking down changes >_<

I know there is no ideal solution because of our software requirements. What I am picturing in my head is like a higher level authentication system... so like a second level of users, so you log into windows using the single user account that everyone uses, but before you get desktop access you have to sign in again to some 3rd party software. Does that make sense?
 
> ... If it's your proprietary software, my first reaction would be kicking management to get on the developers to add support to a more robust system for you to manage it.

Unfortunately our developers are swamped with the current huge list of upgrades that need to be done (we do cloud-based game streaming). So for them this is a low priority... of course us IT guys are going crazy over it.
 
> Yea, you're absolutely right, it's a nightmare, it's driving me nuts! I spend half my working hours tracking down changes >_<
>
> I know there is no ideal solution because of our software requirements. What I am picturing in my head is like a higher level authentication system... so like a second level of users, so you log into windows using the single user account that everyone uses, but before you get desktop access you have to sign in again to some 3rd party software. Does that make sense?

Makes sense. TAMOS (Tivoli Access Manager for Operating Systems) is able to do this with Unix/Linux (at least last time I looked at it back in 2006 - saw it implemented at a regional power company). Your friendly neighborhood IBM rep may be able to find out if the product also can handle Windows.

For pure monitoring, I would suggest looking into a company called Netwrix. They have change monitoring capability for the types of boxen that you have a need to monitor, but you might have to build a back end process for the documentation (i.e. have the change notifications pushed to SharePoint and trigger a workflow to investigate each one).

For the shameless plug, I can certainly be available to hire to assist in the process changes :).
 
Curious why it won't run on Server 2008 / 2012... unless the application does an OS check?
 
It has to do with drivers and some companion software that only runs on desktop versions of windows.
 
I don't know how you are going to monitor all the changes someone makes to the server. I suppose you could, I just don't know with what.

Most companies of any size should have a vendor OU with vendor accounts that they sign out with a form, so you know who is using them, and other basic information. You can also use the auditing built into Windows for sign-on and sign-off times. If DameWare does user reporting, you could match those logs with the DameWare logs.

Nothing is foolproof unless you are there anyway, but at least you could hold some accountable for their stupidity with this. At least this is what we do. I really couldn't care less what they changed on a server, I just know when they are on and for how long. It's still my responsibility to verify the work and make sure everything was done OK without anything else being jacked up.

Damn you manual labor! Damn you! :(
 
> I don't know how you are going to monitor all the changes someone makes to the server. I suppose you could, I just don't know with what.

As far as *what changes are made, that can be filled in manually by our IT staff as they go and then enforced through policy. What we need to know is *who logged in, when, and for how long (and preferably forces them to make a log entry on sign out)... but because we all have to use the same windows user account there is no way to tell *who is actually logging in. Hence the need for a second level of authentication :)
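The "second level of sign-in" described above, as an added example that is not part of the thread: a PowerShell script for the shared Windows 7 account that refuses to continue until the operator types their name at sign-in, demands a change-log entry at sign-out, and appends both to a CSV together with the time, the Windows account and the connecting client name. The log path, the Task Scheduler trigger, and the use of `$env:CLIENTNAME` (set for RDP sessions; whether DameWare sets it is an assumption) are all assumptions.

```powershell
# Added example (not from the thread). Assumes Windows 7 / PowerShell 2.0 and
# that the script is launched in the shared account's session, e.g. by a Task
# Scheduler task triggered "At log on" (-Mode signin) and by a logoff script
# (-Mode signout). Paths and prompts are constructed.
param(
    [ValidateSet('signin', 'signout')]
    [string]$Mode = 'signin'
)

# Constructed path. Keep the log where the operators cannot edit it (a share
# they can only append to), otherwise the record is trivially rewritten.
$LogPath   = 'C:\ops\session-log.csv'
$StateFile = Join-Path $env:TEMP 'current-operator.txt'

function Get-SessionSource {
    # Assumption: $env:CLIENTNAME is only populated for RDP sessions; other
    # remote-control tools may leave it empty, so fall back to the hostname.
    if ($env:CLIENTNAME) { $env:CLIENTNAME } else { $env:COMPUTERNAME }
}

function Write-SessionRecord([string]$Kind, [string]$Operator, [string]$Note) {
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    # CSV row: time, signin|signout, claimed operator, Windows account, client, note
    $line = '"{0}","{1}","{2}","{3}","{4}","{5}"' -f $stamp, $Kind, $Operator,
            $env:USERNAME, (Get-SessionSource), ($Note -replace '"', '""')
    Add-Content -Path $LogPath -Value $line
}

function Read-RequiredInput([string]$Prompt) {
    # Loop until something non-blank is typed. Ctrl+C still escapes this, so
    # it is a process control that nags, not a security boundary.
    do { $value = (Read-Host $Prompt).Trim() } while (-not $value)
    $value
}

function Invoke-SignIn {
    $who = Read-RequiredInput 'Your name (required before you continue)'
    Set-Content -Path $StateFile -Value $who
    Write-SessionRecord -Kind 'signin' -Operator $who -Note ''
}

function Invoke-SignOut {
    $who = ''
    if (Test-Path $StateFile) { $who = (Get-Content $StateFile) }
    if (-not $who) { $who = Read-RequiredInput 'Your name' }
    $note = Read-RequiredInput 'What did you change this session? (required)'
    Write-SessionRecord -Kind 'signout' -Operator $who -Note $note
    Remove-Item $StateFile -ErrorAction SilentlyContinue
}

if ($Mode -eq 'signin') { Invoke-SignIn } else { Invoke-SignOut }
```

The name the operator types is a claim, not an authentication, which is exactly the "band-aid" point made earlier in the thread; the value of the CSV is that each claimed name sits next to the client name and timestamp, which can be checked against DameWare's own connection logs or the Windows Security log when a change has to be traced.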
 
> As far as *what changes are made, that can be filled in manually by our IT staff as they go and then enforced through policy. What we need to know is *who logged in, when, and for how long (and preferably forces them to make a log entry on sign out)... but because we all have to use the same windows user account there is no way to tell *who is actually logging in. Hence the need for a second level of authentication :)

If everyone is using the same account to access the machines, I couldn't tell you anything better than pencil and paper, and strap a camera to their heads :D

You cannot create a new OU with new user accounts? I would do this but if you cannot, so be it.
 
Yea, I mean if we were on a domain and I had that level of control the problem wouldn't be that bad... but again we can't do it that way. And since we access the servers remotely a pen and a camera won't be too useful lol. In fact the bulk of our company (including all technical staff except for myself) live and work out of Israel, which further complicates things.

I think we are going to call around to some vendors and see if we can cobble something together; it's pretty obvious a turnkey solution for this doesn't exist.
 
You could check out a Bomgar system; this would allow you to control access, log access, record sessions, and monitor who is on. I guess I didn't think about this product. It can get expensive, but I've used it before and it's a very good product.
 
Why not make local user accounts for the people remoting in and give them certain privileges for certain tasks and turn on auditing?
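An added example, not from the thread, of the two suggestions about Windows' built-in auditing: the earlier post's idea of using sign-on and sign-off times to match against the DameWare logs, and this post's idea of per-person local accounts with auditing turned on. The script creates local accounts (names are constructed), enables the Logon/Logoff audit subcategories with `auditpol`, and then pairs event 4624 (logon) with 4634 (logoff) by logon ID to report who connected, from where, and for how long. It assumes Windows 7 with PowerShell 2.0 and an elevated prompt; the Administrators group membership is an assumption, pick the least group that still lets the proprietary software run.

```powershell
# Added example (not from the thread). Run elevated on the Windows 7 box.

# 1. One local account per person, so the Security log names the human
#    instead of the shared account. Names are constructed sample values;
#    "net user <name> * /add" prompts for the initial password.
$operators = @('alice.ops', 'bob.ops')
foreach ($name in $operators) {
    cmd /c "net user $name >nul 2>&1"
    if ($LASTEXITCODE -ne 0) {
        net user $name * /add /passwordchg:yes | Out-Null
        net localgroup Administrators $name /add | Out-Null   # assumption, see lead-in
    }
}

# 2. Audit logons (success and failure) and logoffs. auditpol ships with Windows 7.
auditpol /set /subcategory:"Logon"  /success:enable /failure:enable | Out-Null
auditpol /set /subcategory:"Logoff" /success:enable | Out-Null

# 3. Build a session report from the Security log.
function Get-LogonSessions {
    param([int]$Days = 7)
    $since  = (Get-Date).AddDays(-$Days)
    # 4624 = an account was logged on, 4634 = an account was logged off.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4634; StartTime = $since } `
                           -ErrorAction SilentlyContinue
    $open     = @{}      # TargetLogonId -> logon details, until the matching 4634 arrives
    $sessions = @()
    foreach ($e in ($events | Sort-Object TimeCreated)) {
        # Pull the EventData fields (TargetUserName, LogonType, IpAddress, ...) out of the XML.
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($f in $x.Event.EventData.Data) { $d[$f.Name] = $f.'#text' }
        $id = $d['TargetLogonId']
        if ($e.Id -eq 4624) {
            $open[$id] = @{ User = $d['TargetUserName']; Type = $d['LogonType']
                            Ip = $d['IpAddress'];        Start = $e.TimeCreated }
        } elseif ($open.ContainsKey($id)) {
            $s = $open[$id]
            $sessions += New-Object PSObject -Property @{
                User      = $s.User
                LogonType = $s.Type      # 2 = console, 3 = network, 10 = RDP
                SourceIp  = $s.Ip
                Start     = $s.Start
                End       = $e.TimeCreated
                Minutes   = [math]::Round(($e.TimeCreated - $s.Start).TotalMinutes, 1)
            }
            $open.Remove($id)
        }
    }
    # Drop service (5) and system (0) logons, which are noise for this purpose.
    $sessions | Where-Object { $_.LogonType -ne '5' -and $_.LogonType -ne '0' } | Sort-Object Start
}

# Usage:
#   Get-LogonSessions -Days 1 | Format-Table User, LogonType, SourceIp, Start, Minutes -AutoSize
```

Even while everyone still shares the single account, the report gives a source IP and a start/end time per session, which is what the earlier post proposes matching against DameWare's connection logs; once per-person accounts exist, the User column does the attribution directly. Which logon type DameWare produces is not stated in the thread, so the function keeps all types except 0 and 5 and shows the type so it can be filtered once observed.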
 