I'm looking for a software that can either combine the ability to monitor user acitivty and support user interactively or two different ones.

For monitoring user's activity, I'm looking at a software called Spector CNE. (www.spectorcne.com).

For support activity, I'm using VNC but wouldn't mind something better. MSFT live meeting is kinda cool but yeah the licensing is a bit too $$ for me.

This will be for roughtly 200 seats so any suggestions and food for thought

 

For user support, our company is using Altiris with good success. Not sure about the licensing cost though. Altiris will also handle software inventory & deployment and help desk ticketing if you want to buy those too.

If they're XP clients you can always enable Terminal Services Admin Mode for $0 - though you can't interact w/ the user via TSA.

Got nothing for ya on user monitoring.

 

for support, i use netmeeting and i can take control of their machine while they are seeing what i'm seeing...

 

net meeting is msft right? ($$) unfortunately and I thought about that one too..

 

netmeeting is part of windows, even in 98...

are you running mac or *nix?????

 

From their web page
"Spector CNE adds a whole new dimension to Internet monitoring. Now you can record everything your employees do online, including instant messages, chats, emails sent and received, web sites visited, applications launched, network connections established and bandwidth consumed, files downloaded, files copied to removable media, and keystrokes typed."

Is the HR dept going to set up guidelines on what is going to be recorded and save? Is some sort of retention policy going to be put in place for this stored data.

If you are worried about what people are doing on the internet, why not just block it?

 

well I do block quite a few sites already and the firewall blocks everything else I miss.

We're starting to see some problems internally with people abusing the network so I'm trying to find some kind of software to watch specific user activity and record as much as I can to blah blah for the HR.

Btw, I totally forgot that I'm on a MSFT environment.

Thanks for the responses though

 

What kind of firewall do you have? You can get something like websense, that keeps track of all user, and makes nice reports.

 

We used to use Webex - very similar to NetMeeting. Not sure how it compares cost-wise.

 

Sonicwall firewall here.

Never thought about websense... Hmmm is there a way to track their personal email activity? I.e. hotmail/yahoo/google. As much as I don't like to pry into the personal stuff, I really don't any other alternative so...

I know webex is not cheap but we do use it a lot for the conference calls/meetings w/ 3rd party vendors so I guess I can look into that as well.

Ultimately, the user interaction would be for support since I don't want my team to be running around the entire office fixing stupid stuff so any way to streamline and make it virtual the better.

As for the user activity, unfortunately I gotta be the bad guy and watch everything so I guess I'm gonna have to look around for softwares.

Thanks! Keep it coming!

 

May I as why the sudden turn to the Draconian? I ask because we've been down that road w/ a product called SurfMon a number of years ago.

Usually people pursue this route for one of three reasons:
1. They believe users are screwing around rather than working
2. They service a public facing website on the same pipes that service their corporate traffic
3. They are legally obligated to ensure certain traffic isn't leaving their network

If 1, your better policy is to put something in the HR handbook for all employees and then, if suspicion arises, check their Internet Temp Files, Web History and MRUD's - which can be done remotely quite easily. If they're in violation, take action as laid out in the handbook.

If 2, you really should segregate your traffic with different physical egress points and subnet between the two. Once you segregate traffic, you can restrict the flow on the corporate pipe quite easily. If you hang a copy of Snort off a mirror port (mirroring the switch interface to your default gateway) you can watch for specific traffic w/o watching what that traffic specifically contains.

If 3, you're hosed. Hire a Liberal Arts graduate to do implement and monitor this crap for you because you really don't want to deal with it. It's interesting for about a day.

If you still need to implement a monitoring solution:
1. Are your users spread over a geographically disperse area?
2. Are they on different subnets?
3. Are their egress points all the same physical device?

 

Websense gives you filters to block sites by groups. Then you could stop all that access to personal mail. The only email a user at work needs is work email. That should all be defined in the AUP.

Or you get a proxy server, and force all the traffic though the proxy. A proxy server has outstanding logging.

AIM is hard to block, becase it uses any port they want it too, so you have to block all the AIM servers. It's like a virus. You attack Yahoo, and MSN messaner the same way.

My personal view is to choke them at the internet gateway then install all kinds of software on the workstations.

I work in the area of managed firewalls, so I do alot of this stuff.

 

All of the IM stuff has been blocked both at the firewall and the group policy level so I'm not really concerned with that.

The problem that I might be facing is that some individuals might be using their personal email to send information and I need to somehow track/verify this as quietly as posisble. Blocking the hotmail/yahoo won't be a good idea as a good amount of people use this on a regular basis so thus the difficulty. It's one of those deals where I need to catch them in the act.

That one spector looks good but I've never heard of them so I figure I'd ask around since I know other admin's have dealt with this problem.

On a side note, if you guys have any other tools and tricks up your sleeves that you can tell me about, I'm all ears! Allen, if you make it to BB I'd love to pick your brain

Thanks again for the responses. This is definitely an eye opening experience!

 

Why not use a packet sniffer. I don't think Yahoo or Hotmail uses https.

http://www.ethereal.com/

 

Ethereal is an excellent tool. Especially for being free. Use it, learn it, live it. It's an excellent educational device too.

GT, I feel your pain, but it's a slippery slope. If your users are comitting a crime of covenience then you'll stop them by making it more difficult for them to send information however if they're determined, they'll move to USB drives, flash memory via an adapter, www.anonymizer.com, CD-ROM burner, photographs of screens. I've seen some very inventive methods for getting things out of the office. You can block all this via an AD policy, granted, but you're setting yourself up. I'm not saying that you SHOULDN'T do this, sometimes it's necessary, but this system, if it's to be relied upon, will become your mistress. Constant attention and vigilance will be necessary. To be clear, I'm not worried about YOU becoming dependant on this utility, I'm worried about your boss, and their boss, becoming dependant on it, which then means @#$% for you.

Easier, might be to setup a span port and run Ethereal (or snort) and capture packets that meet specific creteria. If you can narrow your search to a user, even better. Then you can build a very clear picture of what that user is up to w/o spending any money, and get a very worthwhile tutorial in the workings of the underside of your network. And, by keeping it somewhat archane, your boss won't be asking you for reports every other day.

 

holy cow... no offense dude... but what company is this?

i hoped you had all the workers READ and SIGN the company policy on computer usage before you start doing this.

otherwise, lawsuits might start flying.

granted, it's company property, blah, blah, blah...

 

Okay, just re-read your last post. Here's what you can do before you drop some big bucks:

Grab yourself a desktop system and install windows and then WinPCap and Ethereal. Mirror your switch port that interfaces with your default gateway and hook this desktop to the mirror port. Configure ethereal to grab packets from your suspicious personnel and log it to disk. At the end of the day, you can open up this file (it can be large) and comb through it for relevant information. Using this, you reconfigure Ethereal to grab only packets from your targets which you find relevant (eg source= user1PC & destination=mail.yahoo.com). With ethereal you can even use packet payload data to filter, which means you can grab YM, AIM, GM, packets regardless of what port or destination they're bound for.

Good stuff.

 

http://www.privacyrights.org/fs/fs7-work.htm

You have no privacy outside the bathroom at work.

 

Thanks for all the great information. As much as I really don't like doing this it's something that I'm going to have to do eventually so I might as well hit it hard and learn

I'm definitely going to try out the shareware program as it looks like lots of fun/reading. Allen, if you make the BB trip, we definitely gotta TALK

If ya guys have any other suggestions on programs, by all means type away!

 

The courts have ruled you have no privacy at work. They can sniff your packets, read your email, etc, etc.


Every time I log on to a machine at work, I get a message saying they can monitor my usage of the computer.