Over 1 million tech questions and answers.

Windows Commandline Process Auditing Question

Q: Windows Commandline Process Auditing Question

Has anyone had any luck with enabling Windows commandline process auditing as noted in the article: https://technet.microsoft.com/en-us/library/dn535776.aspx
I've been testing this out on a Windows 7 Prof system to see how commands executed via the commandline are recorded in the event logs. I was able to enable all of the policy settings as noted in the article however upon testing I've noticed that not all
commands are being recorded. For example del, rename, and copy commands are not being recorded whereas other sys-admin type commands (ipconfig, netstat, nslookup..etc) are being recorded. My question is does anyone know why these commands are not being recorded
since according to the example in the article they should be?
Thanks

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Windows Commandline Process Auditing Question

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 60.8

there is a user who wants to know who's making some incorrect changes to a file that is shared to 7 people. the file is on an nt 4.0 server. none of them will fess up so she wants to know if there's a way to find out who is accessing it, at what time, and, if possible, what they did. can nt do this? if so, how?

we run a complete nt 4.0 network (servers/workstations). thanks for the help.
 

A:NT Auditing question...

Read other 6 answers
RELEVANCY SCORE 50.8

Hello,

My dad has all his important files in a folder named "IMP" in E: in Windows 7. I've set auditing object access failure and enabled auditing on the IMP folder and denied read access and delete folder for all other users.

Everything is working fine and I can check the event viewer whenever my dad wants to have a look at the logs. The problem is I am not always present when he wants to have a look at the logs and since he isn't too tech savvy it would be very difficult for him to go to event viewer, filter the log with event id no. 4656, Event Sources: Microsoft Windows security auditing, Task category: File System.

I was wondering if there is an easier way of generating logs for eg. automatically create a notepad file with all those filters once the audit failure triggers.

Please help
 

A:How to create easier reporting for Windows auditing?

Create a Custom View in Event Viewer, then he could just go to that item and view the relative log entries.
 

Read other 1 answers
RELEVANCY SCORE 50.8

Hello,
My dad has all his important files in a folder named "IMP" in E: in Windows 7. I've set auditing object access failure and enabled auditing on the IMP folder and denied read access and delete folder for all other users.
Everything is working fine and I can check the event viewer whenever my dad wants to have a look at the logs. The problem is I am not always present when he wants to have a look at the logs and since he isn't too tech savvy it would be very difficult for him to go to event viewer, filter the log with event id no. 4656, Event Sources: Microsoft Windows security auditing, Task category: File System.
I was wondering if there is an easier way of generating logs for eg. automatically create a notepad file with all those filters once the audit failure triggers.
Please help
 

A:How to create easier reporting for Windows auditing?

Hello and Welcome....
Here is something you may try, its a little program Called MyEventViewer by Nirsoft. No install required, its free and quite simple to use. Maybe your dad will not have any difficulty learning how to use it to view the logs.
Take a look at it here..... http://www.nirsoft.net/utils/my_event_viewer.html (change the hxxp to http)  
Mod Edit:  Fixed link - Hamluis.

Read other 3 answers
RELEVANCY SCORE 50.8

I changed ownership of my C:\ in order to change permissions, be able to audit, and delete files which are locked. Usually system files are locked and I ignore those when prompted that they cannot be changed without admin approval (even providing admin approval doesn't allow their modification). I'm wondering what I have to do to be able to make decisions on my own system? Does anyone know a good step by step guide? My old Windows installation is taking up 17 gigs on my hard drive and I have a 230g hard drive. Needless to say space is precious with the size of downloads/installations being what they are (games that are 20g, Windows updates that are 3g..). Thanks in advance.

Read other answers
RELEVANCY SCORE 50.8

Hello,

My dad has all his important files in a folder named "IMP" in E: in Windows 7. I've set auditing object access failure and enabled auditing on the IMP folder and denied read access and delete folder for all other users.

Everything is working fine and I can check the event viewer whenever my dad wants to have a look at the logs. The problem is I am not always present when he wants to have a look at the logs and since he isn't too tech savvy it would be very difficult for him to go to event viewer, filter the log with event id no. 4656, Event Sources: Microsoft Windows security auditing, Task category: File System.

I was wondering if there is an easier way of generating logs for eg. automatically create a notepad file with all those filters once the audit failure triggers.

Please help

A:How to create easier reporting for Windows auditing?

probably by writing a bat file and executing with admin privileges... but you have to look if there is a way to do it with console commands to event viewer in the first place (it's likely possible).

I have a few of these "shortcuts", double click and Bam! A wall of commands gets executed. Time-saver man.

Why that anyway? If it is locked to other users what is there to log? Failed attempts to open it?

I really hope you are encrypting your drive, as this measure alone is a bit weak if the disk isn't encrypted. (a punk can simply boot that PC from a Linux liveCD or USB thumbdrive and access the unencrypted disk and those files ignoring the windows policy).

Read other 3 answers
RELEVANCY SCORE 50.8

Should I be worried? Also I don't know if this is the right place to post this...

Code:
System


-
Provider

[ Name]
Microsoft-Windows-Security-Auditing

[ Guid]
{54849625-5478-4994-A5BA-3E3B0328C30D}





EventID
6281





Version
0





Level
0





Task
12290





Opcode
0





Keywords
0x8010000000000000




-
TimeCreated

[ SystemTime]
2013-01-26T20:14:21.908303300Z





EventRecordID
46291





Correlation




-
Execution

[ ProcessID]
4

[ ThreadID]
6656





Channel
Security





Computer
bluedragon





Security

-
EventData


param1
\Device\HarddiskVolume2\Windows\System32\VMWRP64.DLL




Edit:

I not certain but I seem to have a lot of warnings, errors, etc. Hopefully nothing serious.

A:Microsoft-Windows-Security-Auditing failure

Do you still need help with this? If so, please post back and I'll see what assistance I can provide.

Please provide these reports (even if not experiencing BSODs) so we can provide a complete analysis: https://www.eightforums.com/bsod-cra...tructions.html

Please also do this:
- open Event Viewer (eventvwr.msc)
- expand the Custom Views category (left click on the > next to the words "Custom Views")
- right click on Administrative Events
- select "Save all Events in Custom View as..."
- save the file as Admin.evtx
- zip up the file (right click on it, select "Send to", select "Compressed (zipped) folder")
- upload it with your next post (if it's too big, then upload it to a free file-hosting service and post a link here).

Read other 1 answers
RELEVANCY SCORE 50.8

Hello Everybody,
We have a requirement in our project to audit all security relevant events on the system, including the start/stop of auditing functions. The problem is that windows is not registering the start of event log service when you manually stop/start the service.
There only an audit event on the system log, but linked to the system startup and not under security category when you do the start/stop manually. Is this a windows bug or a matter of configuration?
Best regards,
Alejandro.

Read other answers
RELEVANCY SCORE 50.4

Dear Commuity,
I need to add a printer using PowerShell on Windows 7 and Windows 10 (both x64).
Unfortunately it's not possible to use the PrintManagement PowerShell-Cmdlets.
I'm currently dealing with adding the printer port.
I already tried using the following commands:
This one was already recommended on Technet
Here.
rundll32 printui.dll PrintUIEntry /if /f <Path_To_INF> /r "<IP_Address"
and
cscript C:\Windows\System32\Printing_Admin_Scripts\de-DE\prnport.vbs -a -r IP_<IP_Address> -h <IP_Address>
Both commands tell me that the arguments are invalid but the paths and IP-Addresses all exist. The commands are of course run with administrative privileges.
What am I doing wrong and how can I resolve that issue?
Thanks in advance
Update-Troubleshooter

Read other answers
RELEVANCY SCORE 45.2

http://tinyurl.com/36leu
 

Read other answers
RELEVANCY SCORE 44.8

hi all!
i just discovered "action(s)" and i would like to know if there is a way to set it up to execute a command line task such as:
csp -i <file name> -o <output bmp)
can i set up action(s) to ask for the input file name and the output bmp path and the execute the entire task?
regards & thanks for reading
markus

A:action(s) for commandline?

ya through a batch file... i think lol.

Read other 4 answers
RELEVANCY SCORE 44.8

How can users check from commandline (!!!) if hibernation is currently on or off?

When I search through the Internet then thousands of articles describe how to turn it e.g. on e.g. by

powercfg -H on

But what if I just want to let Win just show the current state WITHOUT to change it?

Is there really no way of just checking it from command line (NOT by Control Panel)?

Peter

A:How to see from commandline (!!!) if hibernation is on or off?

I have an SSD therefor I do not use Hibernation. It's a horrible idea.

To find out if the feature is enabled, the file must exist, hiberfil.sys

To find out if the file exists, its a hidden file, try
Or try
Code:
assoc C:\hiberfil.sys
then try it with quotes "C:\hiberfil.sys".

Read other 3 answers
RELEVANCY SCORE 44.8

how do I create a batch file to upload a file to a ftp server ?
Code:
ftp
open ftp.domain.com
logon
password
put "E:\example.png"
close
quit

 

A:Solved: ftp commandline

Read other 12 answers
RELEVANCY SCORE 44.8

Hi this is a bit off topic but i am running windows 08 server core in virtual box to try and learn it,The problem i am having is that i would like to run vboxguest additions so that the mouse runs seamlessly i can get to the D:/ drive and do a DIR to see what is in there (see attachment) i would like to know how do i run the .exe file to get the guest additions to run.
Thank you .

A:am lost in the commandline

You don't want to run the file that ends in run...but rather the one that ends in .exe.

I haven't had a chance to install these on a server core install to see if they work fine. Some apps can be hit or miss...but a quick look at the vbox forums seems to indicate these should install.

Read other 5 answers
RELEVANCY SCORE 44

Hello all. I've tried several things to no avail. I need some extra help.A friends PC is getting this error: STOP: c000021a [fatal system error]Windows Logon Process system process terminated unexpectedly with a status of 0x00000080' (0x00000000 0x00000000).The System has been shut down.What occurred before this error popped up:1. Upgraded dvd43 software, booted, and this error came up.I have tried multiple things.1. Ran the bootfix2. Tried the Recovery Console with their diagnostics3. Tried to get to Safe Mode and it will not load, goes back to this message.4. Tried to overlay the XP image (refresh it), no avail, back to the same message.I haven't found anything on the web that can help me so far. Looking to take the next step and ask for help.

A:Windows Logon Process system process terminated unexpectedly with a status of 0x00000080

0xC000021A: STATUS_SYSTEM_PROCESS_TERMINATEDThis occurs when Windows switches into kernel mode and a user-mode subsystem, such as Winlogon or the Client Server Runtime Subsystem (CSRSS), is compromised. Security can no longer be guaranteed. Because Win XP can?t run without Winlogon or CSRSS, this is one of the few situations where the failure of a user-mode service can cause the system to stop responding. This Stop message also can occur as a result of malware infestation or when the computer is restarted after a system administrator has modified permissions so that the SYSTEM account no longer has adequate permissions to access system files and folders.I've never gotten this particular error...but if I did, i would treat it as a malware situation until proven otherwise.Louis

Read other 3 answers
RELEVANCY SCORE 44

I really need a commandline program that can produce 32bit icons and Vista Icons from PNG files. It has to be a commandline program since I need to use it in a batch script.

I've tried png2ico, but it can't produce icons with more than 256 colors and a 128x128 resolution. I then tried IconBox/ToYcon, but it didn't work from the commandline.

So could anyone recommend a program like png2ico that can make 32bit icons?

Edit: Tried XnView, but the transparency looked screwed up in the icons it made and it didn't work from a commandline.
Edit: Found an application called "Any to Icon", it worked great except it can't make icons for Vista (256x256 with PNG compression) so I'm still searching...
 

A:Make Icons from Commandline

Does it need to be a windows/dos command line program? I think ImageMagick on *nix can do it. I do something similar but not for icons. I think there is even a windows version of ImageMagick and it's GPL.
 

Read other 3 answers
RELEVANCY SCORE 44

Now we have released our new website!
X-Sec Homepage

X-Sec CommandLine Scanner updated to 1.0.1.1 [2015-12-08]
- Now X-Sec CommandLine Scanner supports Windows XP
- New settings(But Cloud Scan is not available now)
- Fixed a long-existing bug
- XSec_FI.dll updated to 1.0.0.2
- XSec_HE.dll updated to 1.0.0.6
- XSec_VT.dll updated to 1.0.0.1
- X-Sec CommandLine Scanner Updater updated to 1.0.0.3
- Users should re-download our new version to finish this update

XSec_HE.dll updated to 1.0.0.5 [2015-11-26]
- Change rules to avoid some FPs
- Try our best to avoid FPs from other antivirus vendors
XSec_FI.dll & XSec_VT.dll also have an update.
- Using updater can update to this version, please close X-Sec before update[Pop-up will also notify you about this~]

X-Sec CommandLine Scanner updated to 1.0.1.0 [2015-11-21]
- Increase scan speed(About 20%)[On the other hand, the memory usage is larger...]
- XSec_HE.dll updated to 1.0.0.4
- Using updater can update to this version, please close X-Sec before update[Pop-up will also notify you about this~]

X-Sec CommandLine Scanner updated to 1.0.0.9 [2015-11-11]
- Modify some code to avoid crash
- Now, the progress of scan will show in screen dynamically
- Using updater can update to this version, please close X-Sec before update[Pop-up will also notify you about this~]

X-Sec CommandLine Scanner updated to 1.0.0.8 [2015-11-07]
- Fix an issue which can let X-Sec crashed(Thanks to @Mops21 )
- Using updater can update to this version, ple... Read more

A:X-Sec CommandLine Scanner(Beta)

Can't extract the zip file from the website.

This happens with 7zip also. I went onto the other thread and downloaded the pre-beta version in 7z format which works fine. Also the file seems to only have an ini and a md5 file in it.
 

Read other 97 answers
RELEVANCY SCORE 44

Hallo,

Is there a propper way of uninstalling software from my Windows pc via the commandline ?
i found something like:

Code:
msiexec /uninstall MSIPACKAGE.msi
But this works only if i got the MSI-package i installed the software with.
(It also does not work if i got a newer version MSI package of the same Software)

So is there an other way?
How windows does remove the software if i click in the "Program & Features Panel" to remove Programs?

A:Uninstalling Software via commandline

This any help?

Standard Installer Command-Line Options (Windows)

Read other 7 answers
RELEVANCY SCORE 44

I can't get the CommandLine$ variable to work right...
I wrote this code to test it:


Code:
print CommandLine$
timer 10000, [End]
wait
[End]
end

Then I associated .test files with the program's exe, and then tried to open the file, and the program ran, and printed nothing. Anyone know what i'm doing wrong?
 

Read other answers
RELEVANCY SCORE 44

hi guys my problem is my copy of XP Pro Corp has lost all extra command line functions such as: Ping, Netstat, SFC, CHKDSK. i hear a way to repair my problem is to run SFC (system file checker) but i dont have it. i tryed to reinstall windows but it freezes up half way through. the only way i can get back into windows after that is by formating and restoring my backed up copy which is the same flawed copy. so if you guys can help me at all i would apriciate it
 

A:Lost Commandline exexutables

Welcome to TSG....

hi guys my problem is my copy of XP Pro Corp has lost all extra command line functions such as:

It looks as though you are using the illegal version of windows xp pro the corporate version and I believe it has a leaked key code. This is against thew forum rules

Tech Support Guy Site Rules
http://www.techguy.org/rules.html

I think this is the wrong forum for this.
 

Read other 1 answers
RELEVANCY SCORE 44

Hello guys.

Me and xywcloud are working together to better develop x-sec commandline scanner. I would like to make clear that xywcloud made the commandline scanner, not me. Currently, i've just made the website and started working on the cloud-based engine.

Web: xsec.comule.com
Virus Submission: xsec.comule.com/vsub/
Direct Virus Submission [email protected]
 

A:X-Sec CommandLine Scanner (Pre-Beta)

Hello again guys.

You can download X-Sec CommandLine from xsec.comule.com/Products/

Things to note.
- X-Sec will NOT delete infected files.
-Currently, definition updates do no exist, so if you want new defs, you must redownload the file.
-X-Sec Huer Engine generates MANY false positives.
-The engine is very fuzzy

Please leave feedback if you do decide to download it and use it.
 

Read other 59 answers
RELEVANCY SCORE 44

Hi,I need help in getting rid of a virus from my computer.It has taken over all my files and if I do open them advises me I will need to follow a link to pay to get rid of them.It continuously comes up with a pop up asking me to allow access and to make changes.Please help! I am not very good with computers...Thank you Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

A:WMI commandline Utility virus

Louiseannet:
to the Bleeping Computer Am I Infected? - What Do I Do? Forum. My name is Phil, and I would like to address you by your first name, if that is alright with you, since we will be working together
I am sorry to hear of the issues you are having with your computer. Let's run a few preliminary scans to determine how seriously your computer might be compromised.
 

ESET Online Scanner using Internet Explorer:Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.
 
Please disable the active scanning module of your anti-virus software before commencing the ESET scan and re-enable it when the scan is completed.
*Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the button.
* When prompted allow the Add-On/Active X to install.
* In the new window that opens, tic the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology
*Then click the button and ESET will then download updates for itself, insta... Read more

Read other 1 answers
RELEVANCY SCORE 44

We religiously track Windows Application fault events in our environment.

Recently we have noticed that when, Word 2013 x86 version (15.0.4823.1000, 15.0.4805.1001) running on Windows 8.1 x64,  crashes due to corrupted heap, we find suspended winword process that have no running threads.  the ccorrupt heap crashes are of
the type  exception c0000374 in Ntdll.dll at offset 0x000e6054.  We have two different situations in which we can trigger a crash that will produce the corrupted heap.

The problem is after the App crash the Windows Error Reporting service, attaches the WerFault.exe to the crashed process and saves the WER Dump file.  The problem is after this process is finished we are left with Winword.exe process that are in suspended
state.  They are not visible in the TaskManager but they show-up in Procexp,  these process have no running threads and the End task or end task tree have no impact.  The only way to exit the suspended process is to log off the user session. 

The suspended Winword.exe process cause problems when we re-launch a clean word, we have an add-in that detect's the suspended Winword and will not run.

On a test machine we disabled the WER service and of course we no longer see suspended threads, this is not an option for use because stopping the WER service stops logging of all Application Fault event ID 1000 and Application hang 1001 entries from the Application
log.

We also tried to ex... Read more

Read other answers
RELEVANCY SCORE 44

Hi fooks,

I hope you all can read this, i'm from Belgium so my Englsich is not as good as it might be.

I have bought last year a little notebook with Windows 7 Home Premium on it.
On this machine i am the Administrator, and there are no other people on that, or guestaccounts made.

On my desktop i have the utility Process Explorer 15.3 {the executable only} from the site below
Process Explorer

When i dubbelclick the Process Explorer is see al the services and processes on my machine.

A friend of Peter, came to me with his Desktop PC with a death harddrive, so i bought a new one.
I have a DVD with Windows 7 Home Premium that i bought with that other notebook to help other
people and if my computer have a problem. I use to register than the serial on the case of the people that need help.

When i install a new copy of Windows 7 Home Premiun on his computer, and also unpack the Process Explorer.exe on the desktop and lauch that also as admin i see several services or processes with a Patch: [Opening error process] For exsample winlogon does not link to the normal directory, normaly c:/windows/system32/winlogon.exe { i think that is the right one}


See this screenshot i made:
http://www.freebits.nl/images/190error_pe.jpg

I did some Google search on came on this website:
process explorer shows "error opening process" - BleepingComputer.com

Somebody there says: "Right click on process explorer and select run as administrator"

When i do that t... Read more

A:Windows 7 + Process Explorer + Patch: [Opening error process]

You probably have UAC turned off on your computer but not on the your friends computer.

Read other 5 answers
RELEVANCY SCORE 44

Hi,
how can i generate a list of file permissions that an NT group has on a
folder?
Thanks
 

Read other answers
RELEVANCY SCORE 44

1st post so no snickering! LOL

W2k, SP4, IE 6, log's into local account on PC.

I want to see if this user went to yahoo mail and logged in under a specific username (which I have and it is a yahoo account). I need to see if they did or didn't and the time. Anything able to do this with index.dat/stored files or should this be in the security section.

Thanks in adavnce.

Read other answers
RELEVANCY SCORE 43.6

Hello Technet,
I'm currently working in the software deployment field. One application I'd like to distribute is called 7zip. I'm able to distribute the application just fine using the silent installer, but the software does not set itself as the default app for zip files.
I'd like to set the application as the default app so that when users double click a zip file, the 7zip file manager opens.
I searched the web already and found a couple of possible solutions, mostly referring to assoc and ftype commandlines, but they all didn't work for me.
Any help is appreciated.

regards
Martin

Read other answers
RELEVANCY SCORE 43.6

is there a possilbility to remoe and connect networkprinter
from the commandline?

i need this to remote change installt printers on nt 4.0 workstations.

i hope someone can help me.
 

A:change connected printer from commandline?

Read other 8 answers
RELEVANCY SCORE 43.2

From where we can get the below documentation please ? I cannot seem to find an official documentation anywhere. The below are event 4656 access mapping
1537 DELETE 
1538 READ_CONTROL
1539 WRITE_DAC 
1540 WRITE_OWNER
1541 SYNCHRONIZE
1542 ACCESS_SYS_SEC



Glenn Camilleri

Read other answers
RELEVANCY SCORE 43.2

I've just come across MBSA when sorting out a missing IE11 update and am impressed with it.

One item on the reports says:

NeitherLogon Success nor Logon Failure auditing are enabled. Enable auditing and turnon auditing for specific events such as logon and logoff. Be sure to monitoryour event log to watch for unauthorized access.

I've searched here and found several threads (mainly about auditing access to documents - none about Logon/Logoff) in which the route suggested was Control Panel -> Security & System -> Administrative Tools -> Local Security Settings. There is no 'Local Security Settings' in my menu there and a search of my laptop has found nothing.

Is there an alternative route please?

A:How do I enable Auditing?

I forgot to add that the excellent MBSA provides a detailed explanation on every item and a 'how to correct this' link. Unfortunately, though, the link relates only to 'a computer running Windows Server 2008, Windows Server 2003, Windows Vista, Windows XP, or Windows 2000' and also mentions 'Local Security Settings'.

It was very early when I posted this - I must have been half-asleep. I should post this on the Microsoft forum and let you guys get on helping those who need it more than I do.

I withdraw my problem (for now?) and apologise for wasting anyone's time.

Read other 1 answers
RELEVANCY SCORE 43.2

(hey i was wondering what tools you guys use for software auditing?

i found a really cool website adminpal but the web site doesn't seem to be responding right now.

thanks in advance! = ])
 

Read other answers
RELEVANCY SCORE 43.2

From where we can get the below documentation please ? I cannot seem to find an official documentation anywhere. The below are event 4656 access mapping
1537 DELETE 
1538 READ_CONTROL
1539 WRITE_DAC 
1540 WRITE_OWNER
1541 SYNCHRONIZE
1542 ACCESS_SYS_SEC



Glenn Camilleri

Read other answers
RELEVANCY SCORE 43.2

I am trying to find an application that can do an audit of my PC and tell me what applications I have installed and all of their serial and license keys. I know these applications exist cause my company uses one for when we reimage a machine. I am in essence going to be reimaging my machine to either Windows 7 Ultimate 64bit or going with Windows 8.1 64 Bit and dont want to have to check each and every piece of software to get this.

Thanks for the help

A:Software Auditing

Belarc Advisor is free for personal use:

Belarc Advisor - Free Personal PC Audit, for software, hardware and security configuration information on your computer. Software license management, IT asset management, cyber security audits, and more.

Read other 1 answers
RELEVANCY SCORE 43.2

Hey guys/gals, anyone, do any of you all know what is a good auditing program? What I need it to do is go out and tell me what is on each one of my users computer. What software they have on their system, what hardware, bios and all the neat stuff in between.
 

A:auditing program

Try helpdesk software in your search. Many of those, although they're also designed to have call records, contain hardware records on the users. Even if you can't buy the program, perhaps you can download a trial to find out how they've done it. I can't see that it would be too difficult to build one in Access.
 

Read other 1 answers
RELEVANCY SCORE 43.2

commandline standard stream splitter no longer works I get this 10 times.This has to do with the passwords of me john and as an administrator whoI have just made?Whether this is caused by EMET, Microsoft program.EMET after working here no more good, Word 2007 has stopped working properly below.

A:commandline standard stream splitter error

What do you get 10 times? I am not sure I am following you.

Read other 3 answers
RELEVANCY SCORE 42.8

Hello !

I refurbish PCs for a non-profit org. The PCs usually have no OS and I was wondering if there is a free or low cost auditing software that runs from a bootable CD and displays CPU speed and type, RAM and HD size, all from one place. The PCs are all brands and vintages and there's thousands of them!
Thanks
 

A:Need system auditing software that....

Any bootable linux CD should be able to do this. Knoppix, DSL, or MandrakeMove, etc.
 

Read other 1 answers
RELEVANCY SCORE 42.8

Quote:
Memory Usage Auditing For .NET Applications.

Contents
When Memory Usage Affects Speed
What Can Be Done?
Task Manager
Shared Versus Unshared Memory
Application Size
VADump: A More Detailed View
The .NET Garbage Collector
PerfMon
Conclusion


Performance optimization is about one thing: making computer programs run faster. The execution of instructions is cheap for modern computer hardware while the fetching of instruction operands is expensive. Thus, memory usage can have a direct impact on how fast an application executes and is an important metric to optimize. In this article, we discuss the basics of memory optimization for .NET programs. First, we outline the cases where memory access is a bottleneck and is useful to optimize. Next, we discuss the general breakdown of how memory is used in a typical .NET program. Lastly, we discuss tools and strategies to determine the memory consumption of your .NET application and reduce it.


Source -
Memory Usage Auditing for .NET Applications

A:Memory Usage Auditing.......

good update

Read other 1 answers
RELEVANCY SCORE 42.8

Hello All,

I am Using Windows 7 Enterprise and three Users working on my system after I'm leaving to office so Please tell me about any software for Auditing who accessing my file and folder ... i know Group Policy Auditing Option and i have tried it. but i can't easily Read and understanding log..it is very hard.

So i kindly Request to Please give me Auditing Software Name or Link for the same.

Thanks You in Advance..

A:File and Folder Auditing

You need to speak with your IT Admin about this.

Read other 3 answers
RELEVANCY SCORE 42.8

How do I audit events on a stand alone NT 4 server? I've gone into User Manager for Domains and turned it on there, but nothing is showing up under the security portion of Event Viewer. Any help would be great.
 

A:Auditing events on an NT 4 server...

you must also enable auditing on the folders and files you want to monitor activity on. you can do this by going into the properties option when you right-click on a folder/file and selecting the Securities tab. click on the auditing button and set it.
 

Read other 1 answers
RELEVANCY SCORE 42.8

I permanently have 5 instances of svchost.exe running, with the User Name field showing SYSTEM, LOCAL SERVICE and NETWORK SERVICE. None of them show up on a netstat -b listing. Is there a way to monitor what arguments they were launched with, which process launched them, and what they're trying to do?

A:Auditing svchost.exe activity

CProcess is your friend.

Read other 1 answers
RELEVANCY SCORE 42.8

Hi,

would anyone know if there's a possibility to switch off Application and System auditing in Windows XP? I've gone through some articles but neither talked about these 2, only Security. I know that the security function has to be enabled and can be disabled, what about the other 2? It consumes some resources which might be gained from this. I also noticed that Windows 7 logs security as well even if not set. I have 3518 entries in Win 7 Security log even though the audit policy is set to No auditing. Any hints how to disable?

A:Application and System auditing

Erm, what IS "Application and System auditing". I read your post, and went looking around via Google because I had never heard of these things and found no hits that include "application" and "system" both with the word "auditing".

Are you sure this is a XP function, and not some 3rd party software?

What IS it? What's it for, etc.. and why do you want to disable it?

Read other 9 answers
RELEVANCY SCORE 42.8

Does anyone know of any easy to use auditing software for XP machines that can allow you to audit machines remotely? I need to audit software on about 100 machines.

It doesn't necessarily have to be free but a free trial would be great to try it out first.

It would also be great if it could show me windows license keys as well so I know if they are properly licensed.

Thanks in advance!
 

A:Network Auditing Software

Read other 7 answers
RELEVANCY SCORE 42.8

We have been seeing an abnormally high detections of reconnaissance of AD using the SAMR protocol.  According to the ATA documentation on Suspicious activity guide, it recommend using the SAMRi10 tool to block unauthorized queries.  We don't have
AD servers on Server 2016, but it appears that according the following we can do the same with manual registry changes -  https://docs.microsoft.com/en-us/windows/device-security/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.
We started of with auditing, to see how much activity would be blocked. Since the auditing we are getting dozens of events per second.  Is there an easy way of figuring out what on the machines are using the SAMR request? 


I have excluded the all GPOs for computer objects, and we only getting the request on logoff.

Read other answers
RELEVANCY SCORE 42.8

Hi all,

Does anyone know how to turn off the security auditing in Windows XP Home? In Event Viewer > Security, I see a lot of "Success Audits" and I was hoping there was a way to turn them off. Thanks.
 

A:Help with Security Auditing in XP Home

Read other 6 answers
RELEVANCY SCORE 42.8

There is an unknown (to me) entry in my C: drive Security/Advanced/Auditing properties box (see the attached image - the entry in question is the first entry, the S-1..... entry).

Does anyone know what this entry is and if I can get rid of it?

Thanks.

A:Unknown Auditing entity

What does it say if you click 'edit' on the entry? It could be your profile/identity

Read other 5 answers