This person (presumably sysadmin) can read log files time to time. These files consist of records from which network nodes and when particular data files had been downloaded/uploaded.

But, i think it can become very tedious to go line by line. But, of course, if such log file is avaialble , then it can be copy pasated to .txt file and particular search also can be executed.

Good to know all this. Thanks.

This can be automated using WSH (Windows Scripting Host) and vbscript or jscript for the scripting language.

Just have the script monitor the file attributes (dates) on a regular basis and notify someone if something changes. WSH scripting can monitor just about anything going on with a computer and/or network.

There are probably a thousand variations of this idea that will do the job programmatically.

Hooker

FTP--I don't know enough about it, but this may start you in the direction towards your answer:

http://windowsftpserver.com/

Is this regarding files that people are working with and need access to (as part of their job), or files that they can access on the server but don't actually need access to (and which should be locked to prevent access), such as the marketing personnel being able to access the payroll personnel files?

Actually, we are concerned about the files , which are allowed to access to some users and we suspect the users being thief of those important files. For example, the project engineer or drawing department worker stealing the important drawings and getting them copied or sold outside.

Well I don't know enough about the data usage footprints that are left when you open and copy files, but you will also need to be aware of the "Print Screen" function which allows users to copy the desktop screen to an image file rather than save the file directly (ie- the network file is still logged as being read, not saved somewhere). For the very crafty, there is always the "take a picture of the screen using a digital camera". This actually works quite well to, so is another possible threat.

There isn't really a lot you can do if you cannot directly monitor the copying of a file (unless you perform a physical search of removable media like memory sticks and catch the person). Someone here may have some ideas regarding available monitoring software that can be loaded onto the remote computers connected to your network server such as keystroke or file transfer monitoring that you can then monitor remotely.

Yes, you are very correct. There are other ways also to copy the files and theive. But, the ways mentioned by you can be tedious for the person who is practising this and it is prone to be caught and so most of them will not dare that. The easiest way is to copy the files and paste them to the removable media, which should be easily traceable.

If you have a suspect computer you can go to control panel >system and then bring up the device manager and disable the hardware used for steal the information-- CD-R, Floppy drive and USB ports. I don't think they can be enabled without administrative privileges. I had a guy at work that would watch DVDs all night and I just disabled that drive and we started getting some work out of him.

I found these--Look through them: http://www.find-software-on.net/AllSoftware.php?char=U

Good luck--K T

THANKS A LÖT

No problem, glad to do it, but I have just as many questions about it as you do--If you resolve this can you report back here, with what you did? Thanks

Regards.

I have noticed in offices that all removable drives/ sticks etc are not fitted in all systems.

Only sysadmins have the facility & access to.

However there are some SW-Tools to monitor & record or even block such activity.

like:

DETECTOR.......... Detects unauthorised attempts to access your computer over the network. Program listens on ports selected by you and lists any attempts to connect to them. Allows you to track down where connections are coming from and do something about them.....(free).....GO THERE! <http://www.roadkil.net/>

&

DBA.exe [FreeWare]

transmission security tool to detect interception digital units

http://www.winsite.com/bin/Info?26500000036921

Trace of access by a local worker can be erased in many ways:

Click Start -> Documents. What do you see?

Answer: it's a list of recently used files on your system.

This is just one example of how anyone can see what you've been doing on your PC -- and that's just the tip of the iceberg, of course!

So, is there a way to keep what you do on your PC private? Absolutely!

"XXXXX" will thoroughly clean traces from your PC history!

And the latest :

http://www.giveawayoftheday.com/overspy/

download just now. It says:

Giveaway of the Day - OverSpy

January 28, 2009OverSpy captures all online conversations, web sites visited, all emails sent and received, all keystrokes typed, all computer operations and opened documents, and takes screenshots every few minutes. Total surveillance!

All this is happening in full stealth mode so the person you are monitoring will never be aware of it.

OverSpy is available as a Giveaway of the day! You have 13 hours 2 minutes to download and install it.

Hope of some help

And:

Advanced SystemCare package.
Pro and Free versions are available.

Download

or learn more

A problem in installing OverSpy:

AVG8 Free is blocking to register one of the dll files'