Comings and goings II


Comings and goings II
David Gabel

We appreciate feedback from readers and users. It keeps us and our tipsters on our toes. But this one required some further discussion, and so we solicited a reply from tipster Adesh Rampat.

User Mark E. Rohrer writes as follows. "[The tip]

Requires Free Membership to View

'Tracking comings and goings,' by Adesh Rampat, [posted on] 13 Nov 2001, deserved the one that I gave it, and would have received a negative rating if possible due to the damage it may do to innocent people if the tip is taken at face value. It is not enough to look at the event code for logons (528), but the "Type" must also be analyzed. For physical logons and logoffs, Event Codes 528 and 529 of Type 2 are the defining events. Other common types are 3, [which] normally occurs when a user makes a network connection such as mapping another network drive, and 7, [which] indicates a system was unlocked (such as when a screensaver that locks a workstating is unlocked). Without the added 'Type' guidance, more damage than good was offered, and can lead to company liability in judicial cases if investigators take the tip at face value.

Adesh Rampat replies: "This article was written not to override or go against any legal policies and not to be used as a sole criterion in monitoring employee activities. As part of a security policy, employees should log off from their workstations at the end of the workday and should not be using screen savers (with password protection) when they leave their offices. [But if that is not the case, then] during the course of the working day the "Type" may come in handy, especially if you wish to monitor the additional issues mentioned."

We thank Mr. Rohrer for his amplification, and Mr. Rampat for his further elucidation.

David Gabel is the executive technology editor of TechTarget.

This was first published in December 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.