I actually need to spy on someone.

I have employee that is bipassing my password.

I have an employee that is logging onto my computer and is somehow bipassing my password. I know that he doesn't have the password because I have changed it several times over that past few (3-4) days. He comes to work after I am gone and gets online. Is there a way to secure my machine a little better to keep him from doing this?

I am sorry if I am in the wrong thread to be posting this question. I just thought that it might be a software item that he has installed that I can't locate.

OK so you are probably wanting to know what OS I am on.

Windows XP Professional Version 2002 Service Pack 2.
Thanks

haroldathampton

 

Re: I have employee that is bipassing my password.

Fire him.

Seriosuly.

On a technical note, what OS are you running?

 

Re: I have employee that is bipassing my password.

I had just edited my entry to include my OS. I may have to resort to that option but how can I protect myself in the future?

 

Re: I have employee that is bipassing my password.

Make certain you have a password on the system admin account, make sure you have a good firewall and antivirus.

You need to stay clean of spyware, and viruses, and (very important), keyloggers.

I can almost guarantee he knows your password, and the keylogger would get him the new one every time.

 

Re: I have employee that is bipassing my password.

Is it possible to lock down the other accounts on the system too?

For instance disabling the Guest account and any other unnecessary accounts.

 

Re: I have employee that is bipassing my password.

How about a Boot password? They are not easily cracked.

Matt

 

Re: I have employee that is bipassing my password.

I would also be very worried if you used online banking and credit card purchases if a keylogger has been installed as your employee would also have this information. I don't know the laws where you live but s/he could file a wrongful dismissal suit if you have insufficient proof. Go to the spyware forum and follow the sticky to find out what may be installed. Good luck.

 

Re: I have employee that is bipassing my password.

Thank you ladies and gents. I believe that I am going to do a monitering program so that I can see exactly what it is that he is doing on my computer.

Spybot doesn't show any keyloggers on my computer. I am going to head over to the spy thread and see if I can find some information.

Thank you again.

 

Re: I have employee that is bipassing my password.

OK. Its me again. Which program should I be looking for. My employee is pretty intellegent with a computer and I want something that he won't notice or something the emails me the activity. The employee goes in and erases his tracks to the best of my knowledge. He states that he is not getting on my computer but I have several employees that have physically seen him at my computer and in chat rooms.

I am in a situation that I can't document his behavior because I have no physical proof. I ask the Major, what do I do?

Thanks again.

haroldathampton

 

I need to moniter where someone is going on a computer. They are getting on without permission (bypassing my admin password) and I nned to follow thier tracks. They are computer literate so I need something that will email me the traffice or something that he will not see right away. He is erasing his tracks as he goes so I can't find a way to see where he is going.

I am running a WinXP Pro, Version 2002, pack 2

Thanks.

 

Re: I have employee that is bipassing my password.

As suggested before. Disable the Guest account. Add a password to the administrator account. In fact, I'd change the administrator account name itself.

Just want to say, that one can browse the internet by using a bootable cd with XP (or linux) on it. So, disabling the cdrom and floppy drive might be required.

I'd set up a hidden surveillance camera to watch him. Leave work, go around the block, park somewhere else, then go back into the building.

 

Re: I have employee that is bipassing my password.

That's an excellent suggestion. It's amazing how inexpensive such things are now.

 

Re: I have employee that is bipassing my password.

I don't think it's that simple, you have to have a good reason for that. Written warnings and proof of misconduct, etc. Oh wait! Others has seen him in chat rooms, etc. You could/should just fire him!

Or confront him. Show him who is the boss.

Because there is a possibility that others see that he doesn't get anything from his behaviour so they may start acting the same way...

That's just my opinion.

 

Re: I have employee that is bipassing my password.

In post #9 haroldathampton states the employee already denies accessing the computer so this would be a moot point.

I think theefool is on the right track....in order to legally and effectively deal with the situation and prove what the employee is doing some type of surveillance is in order....the question here is: If using a hidden camera is legal where you live/work...I'd check it out to make sure.

As most AV programs detect key loggers as Trojans check your settings to see if there is one that has been given permission (by the employee) to run. Programs like SpyBot, etc. can only detect what is in their definitions so if it's a newer logger it may not pick it up yet while AV programs (most of them) will detect certain types of activity.

Another thing to check on the computer would be to see if there is a password recovery utility being used. We have several here that will pull up hidden passwords.

Check your registry for suspicious entries (and try to verify) for covert ops programs: key loggers, password recovery utilities, etc. Registry entries are often left behind when uninstalling programs and/or utilizing programs that don't require an actual install.

 

Duplicate thread, see also http://forums.majorgeeks.com/showthread.php?t=76407.

Doubling up confuses issues, wastes time and space, and it not nice to do on MG.

Bazza

 

I merged them.

 

Ok well heres an idea that i thought of just for grins :big grin: run an electric charge through the keyboard and if he touches it he gets shocked lol. j/k. Seriously, maybe try using surveilence if its availible and like wath the thing on a monitor like a block away from the office and when he goes in and gets into your pc, walk, dont drive to the office scince if he sees the car he might make a break for it. Then sneak up to the door quietly then go in while hes in there and confront him.
-the new tech guy

 

Does the guy actually need to use the computer, or this particular computer, to do his job?

If not, it's not too difficult to prevent him from using. If he needs to, then it becomes a lot trickier.

 

No i am not saying that he needs to go do the stupid thing that i said about. That was a joke ok? But seriously, If he just walks right up there like he normally would and sees harolds car pull up infront of the office, dont you think he would know he is comin and run for it? Im saying that if he comes up to the office when he sees the person using his computer, he should like try to be unnoticeable so he doesnt scare the person off. Do that and you catch the guy red handed. And yes halo, i am treating this in a serious matter. But insom. has another good point. If the person needs the computer, what harold can do is give the guy another computer so he stops using yours and doesnt need to sneak around using yours.
-the new tech guy

 

And therein lies the problem. Think about this:

Many users who come here asking for support (and those who just lurk and read) are NOT knowledgeable about computers.

Many of those same users would take the replies they are reading seriously..after all, this is a 'geek' forum so they figure what they are reading is accurate and recommended. So now you have someone taking an off hand comment and implementing it with disastrous results. Who's fault is it? Well, it would be yours for making the 'joke' in the first place and then in turn, MG as a whole would get the bad rep for it.

Moral of the story? Stay on topic. If you don't have something legitimate, helpful and accurate to contribute, stay out of the thread. If you want to joke around, take it to the lounge...that's what it's there for

 

I'm really glad I read this thread. Just this past week, someone tried to log on to my computer and I have know idea who or why. Now, it appears someone is trying to remotely access my hard drive and again, no idea who or why. So, anything I can learn here will lower my stress level.

Also, I've been trying to resolve how to set up separate user accounts/profiles, on XP, so that the desktop they log into is NOT my desktop. So far I've only been successful on one computer out of the dozen in our office. We have a required domain login that changes frequently and I've wondered if that's why I can't set separate accounts/profiles at the XP level, if that makes sense.

 

Re: I have employee that is bipassing my password.

For Harold: You mentioned that your other employees have seen this person use your computer for chat rooms etc, right? Then why not drop down the address bar in IE and see if anything is there. If s/he is computer literate, like you say, then s/he would clear the IE history and delete the temp files from Internet Options resulting in the drop down address bar to be empty and you would know its that person. Only thing is how to prove it?

Hope that helps

 

You know guys, being that I am a regular on Broadbandreports, and see topics like this all the time on there, kind of suprised me that it showed up here.

Haroldathampton has not been on here since last night, so either you guys scared him off, or he was just a lurker wanting to find out how to get into another person's machine.

Unless you make a computer so secure that no one can access it with third part utilities (disable USB, floppy, CD-Rom, secure case), a person will make any attempt to get into said machine.

 

I'd probably talk to my boss about it, or maybe even get in touch with IT. If it's a proper/professional IT dept then there should be server logs noting network accesses from your machine (while you are away).

 

Well, he was certainly asking the wrong questions for that sort of answer.

 

Just because he hasn't been on can mean anything.

To assume it's because he was scared off or had other motives is just your opinion, and not based on any fact.

That is unfair to Harold or anyone else.

I'd like to think we give people the benefit of the doubt and treat them at face value until we are certain otherwise.

 

Re: I have employee that is bipassing my password.

This should be a simple problem to resolve surely. First up, as some have already suggested, why not just confront this person with a witness and tell him to stop. If he doesn't, the situation from your point of view becomes intolerable and you should fire him.

As for preventing this sort of thing from happening in the first place, just do a Google search for "computer lock" or something similar. There are dozens of of reliable programs to handle this sort of thing. You could even have your computer fitted with a physical lock at reasonable cost. Regards, Blueheeler.

 

Not necessarily. In the majority of states in the U.S., employment is "at will." Employer or employee can terminate the arrangement at any time, for any or no reason.

 

OK. I know that I havn't been on the site in 48 hours but that just means that I am running a hotel, hince the "athampton" in my name. I am the AGM and my GM has asked me to research this problem. I know that the information that I am asking for could be used in the wrong manner. I know just enough about computers to know most places to look for his tracks but he seems to erase them. He will go into internet setting and delete only the line items or cookies during the time that he was on the computer. There is not guest logon because I have already disabled that setting.

Someone mentioned a boot password. Is that a good choice?

Responding to another reply on this subject: No he does not need this computer to do his work. In fact he has three other computers to do his work at. This is the only computer that is not on the hotel server and it doesn't have security that those other three have on them placed by the hotel chain. It is a stand alone computer hooked up to WiFi.

I do appreciate the help that you have given me and I will look into most of them. I understand your concern about me misusing any info that I have been given. I just didn't know where else to turn to and have been to this site many times but have never become a member.

Have a wonderful afternoon.

Haroldathampton

 

If the computer is not used by anyone else but the GM, I would suggest a Boot Password to secure the machine, and make sure the case is secured to keep anyone from opening it up.

Even if the computer was on a Domain, it would take no more then 5 minutes to get into the computer if the person has the right tools.

 

Like I said a boot pasword would slow him up, He would have a hard time cracking it. The only way he could get around it would be to remove the case and find the reset jumbers.

I just feel the effort to get around a boot password would slow him down.

Would someone post the pros and cons of a boot password. I'm no expert but this worked for me and my employees.

Firing should be a last resort.

Matt

 

Pros: It keeps someone from booting the computer.
Cons: If you forget it, its a PITA to reset it.

As for firing someone as being the last resort, am I the only one that thinks that bypassing security is worthy of employee termination? I mean, all the jobs I have worked at would fire you for that.

Guess I am old fashioned

 

The trouble is is that XP wasn't really designed for security from the ground up so you have to use 3rd party tools to really be secure such as a SmartCard passkey or a thumbprint scanner, etc.
. Or if no one is supposed to be using your machine while you are gone and you have no automated processes that need to run while you are gone, you can power down and disable the power button with a keylock switch. Those are very simple to install or just disconnect the power switch's connector from the mobo and lock the side panel closed with a padlock. Or you can just have the keylock switch disable the keyboard if processes need to run while you are gone.
. Surveillance camera is also an option as was already mentioned.

.bh.

 

Ok my apologies. But in all seriousness, In my last post i mean that harold should not make himself easily noticeable as this person may notice him and get out of the office before harold shows up. If harold kinda makes himself hard to notice it will be easier to catch the person and confront him.
-the new tech guy

 

It's not that it's not worthy of termination, it's that in some states or countries it's not that easy to fire staff, and you need irrefutable evidence or you can find yourself getting sued or paying substantial compensation.

But yes, you are old and worthy of termination.


Harold, if he doesn't need to use this computer, then things like a boot password, XP password, firewall with password which you can lock would stop him.

These simple things aren't foolproof, but it would deter most people and make it much more difficult, if not impossible for someone to do during work.

 

I would personally start with a bios password.
-the new tech guy

 

Option 1. Buy and install a Removable IDE Hard Drive Bay. It will cost about $30. When you leave work, shut down the PC and Take your hard drive home with you.

Option 2. Check for a physical keyboard logger, if not found then install this free program: CE-Infosys. It encrypts your hard drive and requires you to input your user name and password before the system boot. Generally used with laptops. The hard drive remains encrypted even if put into another PC. VERY difficult to crack.

Good Luck, Be Safe

 

ddoc has another good idea there too. Also, incase the person is listening to your wireless network, encrypt the network so that if you save everything to a server as well he cannot get the data by simply listening to the network. I, for example have home network with a simple 64 bit encryption and it works fine. And check the main computer server for a keylogger as well as if that has the keylogger in it, he just has to connect to the computer from the server and can get everything off of it. So also check the server for a keylogger and encrypt both wired and wireless networks.
-the new tech guy