There are a few ways to approach this. If you have one or two individuals whom you suspect of installing unauthorized software, you can connect to their machine across the network and look around. As a domain administrator, you have full access rights to their drives. Connect to the C$ and/or D$ shares then look for non-standard applications by searching for anything with an EXE extension. You can pipe this to a text file then load it into a spreadsheet if you want to get additional sorting capabilities.
You could also connect to their Registry using REGEDIT and search for keys that belong to unauthorized applications.
Neither of these methods would be apparent to the users. You could script up some slick WMI code that would dump the currently running processes, but frankly, I think you would get more information that is useful by doing the file dumps.
If you have more than a few folks you want to audit, you'll need a more sophisticated approach. The best way would be to install a software auditing tool, but the users will know that you are playing Big Brother.
Dig Deeper on Windows Server storage management
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.