|
Post by Admin on Jan 20, 2014 10:41:28 GMT -9
Posting some ideas on different security measures and policies.
|
|
|
Post by Admin on Jan 20, 2014 10:41:41 GMT -9
How to Monitor Your Employees' PCs Without Going Too Far
By Robert Strohmeyer, PCWorldMar 22, 2011 6:00PM
Do you know what your employees are doing on the Web? At a minimum, they're probably goofing off watching YouTube videos. At worst, they could be steering your company toward financial ruin. In this quick guide, I'll show you how to keep an eye on employee Internet use and monitor just about everything else they do with their PCs.
I can already hear the groans of disgruntled readers as I type these words (and if you're worried about privacy at work, you have ways to stop your boss from spying on you). But gone are the days when PC monitoring was an optional, draconian security measure practiced only by especially vigilant organizations. Today, more than three-quarters of U.S. companies monitor employee Internet use. If your business is in the remaining quarter that doesn't do so, you're probably overdue for a policy change.
Why You Should Monitor Everything your team does on company time--and on company resources--matters. Time spent on frivolous Websites can seriously hamper productivity, and visiting objectionable sites on company PCs can subject your business to serious legal risks, including costly harassment suits from staffers who may be exposed to offensive content.
That doesn't look like work to me. ActivTrak can give you a real-time look at employees' screens. Other consequences may be far worse than mere productivity loss or a little legal hot water. Either unintentionally or maliciously, employees can reveal proprietary information, jeopardizing business strategy, customer confidentiality, data integrity, and more. And, of course, unchecked Web activity can expose your network and systems to dangers from malware and other intrusions. Even something as simple as a worker's failure to keep up with Windows patches can be a threat to your business, so don't think of monitoring as merely snooping.
Monitoring Software Employee monitoring is just one facet of a larger discipline known as endpoint security, which includes everything from malware protection to policy enforcement and asset tracking. Large enterprise computing environments demand comprehensive endpoint-security systems, consisting of server software coupled with client software on each user's machine, that can handle many of these functions at once. These systems tend to be complex enough to require the expertise of a trained IT pro. But in this guide, I'll be looking primarily at simpler tools designed for smaller organizations.
For a small business, you have several good ways to achieve endpoint security. You can install a Web-hosted system that combines software on the PC with remote monitoring services to protect your computers and enforce compliance with company policies. You can combine a few complementary tools, such as a desktop security suite and professional tracking software. Or, if your company is very small and your budget is tight, you can adopt free tools à la carte.
Symantec's cloud-based endpoint-protection service can monitor all of your company's PCs with minimal setup time. The most secure way to monitor PC use is to deploy a system that consists of a host, server, or appliance together with client-installed software. Unless you have a dedicated IT staff or the budget to bring someone in on a regular basis to check on things, a cloud-based service--such as Symantec.cloud or Trend Micro Worry-Free Business Security--is probably the best choice. These services are relatively inexpensive and easy to set up compared with server offerings, and they give you the flexibility to set and monitor compliance with acceptable-use policies from a single management interface. They also deploy system security updates automatically, block malware, and protect sensitive files to prevent data from leaking out of your company. Better still, these hosted systems effectively protect laptops that frequently leave the office. The cost for a hosted endpoint-security service is generally very low: A five-client license for Trend Micro Worry-Free will set you back less than $300 for two years.
If you're not up for a total security overhaul and you just want to track user activity on a few systems, you have several affordable ways to go about it. Packages such as Interguard Sonar can monitor all e-mail and IM sessions, track and filter Web usage, log users' keystrokes and program use, and capture screenshots on command for as little as $87 per user.
If you're really on a shoestring budget, plenty of free and open-source tools can log PC and Web use. A freebie called ActivTrak, for instance, can keep tabs on which applications your staffers are using and which sites they're visiting, complete with simple reports that give you a pretty clear idea as to how employees are spending their time on their PCs. A word of caution on stand-alone tools, though: Some antimalware utilities can quickly identify and disable stand-alone monitoring tools, so you may need to create an exception in your malware protection settings to ensure that ActivTrak can work properly on your systems.
Best Practices It should go without saying that employee monitoring ought to be just one small component in a comprehensive strategy to protect your business and maintain productivity. Once you've made the choice to monitor, you should follow these general guidelines to ensure your success.
Be forthright: Nobody likes being spied on unwittingly. Unless you think someone on your team poses a serious threat that requires covert monitoring, it's best to be up front with staffers about what you track and why. Many companies accomplish this with a simple statement in the employee handbook telling workers plainly that everything they do on company computers, including individual keystrokes, can and will be tracked. Letting employees know that their behavior is being monitored can serve as a powerful deterrent against unwanted online activity.
Filter proactively: Most good endpoint-security tools include Web and e-mail content filters that can block inappropriate sites and prevent users from sending or receiving files that can jeopardize your business. Use them. By limiting the ways your staffers can get into trouble, you can prevent problems up front.
Check reports regularly: There's little point in generating usage reports if you're not going to look at them. Take the time to at least spot-check the reports that your monitoring software generates so that you can identify potential problems early and take remedial action. Whatever you discover--whether it's a time-wasting Website that everyone is watching this week or a single person who is addicted to solitaire--you can often fix problems with a simple e-mail that tells your team you know what's up: "Just a reminder, people: Chatroulette is not an appropriate use of company time."
|
|
|
Post by Admin on Jan 20, 2014 11:52:38 GMT -9
HERES HOW TO LOCK WORKSTATION FROM USER DELETING IE HISTORY.
How To Use the Group Policy Editor to Manage Local Computer Policy in Windows XP Article ID: 307882
In Microsoft Windows XP, you use Group Policy to define user and computer configurations for groups of users and computers. You create a specific desktop configuration for a particular group of users and computers by using the Group Policy Microsoft Management Console (MMC) snap-in. The Group Policy settings that you create are contained in a Group Policy Object (GPO), which is in turn associated with selected Active Directory containers, such as sites, domains, or organizational units (OUs). With the Group Policy snap-in you can specify policy settings for the following: Registry-based policies. These include Group Policy for the Windows XP operating system and its components and for programs. To manage these settings, use the Administrative Templates node of the Group Policy snap-in. Security options. These include options for local computer, domain, and network security settings. Software installation and maintenance options. These are used to centrally manage program installation, updates, and removal. Scripts options. These include scripts for computer startup and shutdown, and user logon and logoff. Folder redirection options. These allow administrators to redirect users' special folders to the network. With Group Policy, you can define the state of users' work environment once and rely on the system to enforce the policies that you define.
How to Start the Group Policy Editor
To start the group policy editor, follow these steps.
NOTE: You must be logged on to the computer using an account that has administrator privileges in order to use Group Policy Editor. Click Start, and then click Run. In the Open box, type mmc, and then click OK. On the File menu, click Add/Remove Snap-in. Click Add. Under Available Stand-alone Snap-ins, click Group Policy, and then click Add. If you do not want to edit the Local Computer policy, click Browse to locate the group policy object that you want. Supply your user name and password if prompted, and then when you return to the Select Group Policy Object dialog box, click Finish.
NOTE: You can use the Browse button to locate group policy objects linked to sites, domains, organizational units (OU), or computers. Use the default Group Policy Object (GPO) (Local Computer) to edit the settings on the local computer. Click Close, and then in the Add/Remove Snap-in dialog box, click OK.
The selected GPO is displayed in the Console Root. How to Use the Group Policy Editor
The Group Policy snap-in contains the following major branches: Computer Configuration Administrators can use Computer Configuration to set policies that are applied to computer, regardless of who logs on to the computers. Computer Configuration typically contains sub-items for software settings, Windows settings, and administrative templates. User Configuration Administrators can use User Configuration to set policies that apply to users, regardless of which computer they log on to. User Configuration typically contains sub-items for software settings, Windows settings, and administrative templates. To use the group policy editor, follow these steps: Expand the GPO that you want. For example, Local Computer Policy. Expand the configuration item that you want. For example, Computer Configuration. Expand the sub-item that you want. For example, Windows Settings. Navigate to the folder that contains the policy setting that you want. The policy items are displayed in the right pane on the Group Policy Editor snap-in.
NOTE: If no policy is defined for the selected item, right-click the folder that you want and then on the shortcut menu that appears, point to All Tasks, and then click the command that you want. The commands that are displayed on the All Tasks submenu are context sensitive. Only those commands that are applicable to the selected policy folder appear on the menu. In the Setting list, double-click the policy item that you want.
NOTE: When you work with policy items in the Administrative Templates folder, click the Extended tab in the right pane of the MMC if you want to view more information about the selected policy item. Edit the settings of the policy in the dialog box that appears, and then click OK. When you are finished, quit the MMC. Example
The following example illustrates the use of the Group Policy Editor to customize the Windows XP user interface. In this example, we will use the Group Policy Editor to temporarily remove the Turn Off Computer button from the Start menu. To do this, follow these steps: Start the Group Policy Editor and open the Local Computer policy by using the steps provided in the How to Start the Group Policy Editor section of this article.
NOTE: You can start the Group Policy Editor snap-in from the command line. This automatically loads the Local Computer GPO. To do this, follow these steps: Click Start, and then click Run. In the Open box, type Gpedit.msc, and then click OK. Expand User Configuration (if it is not already expanded). Under User Configuration, expand Administrative Templates. Click Start Menu and Taskbar. In the right pane, double-click Remove and disable the Turn Off Computer button. Click Enabled, and then click Apply. Click Start.
Notice that the Turn Off Computer button is no longer displayed. Select the Remove and disable the Turn Off Computer button Properties dialog box. Click Not Configured, then click Apply, and then click OK. Click Start.
Notice that the Turn Off Computer button is again displayed on the Start menu. Quit the Group Policy Editor snap-in.
|
|
|
Post by maryafleming on Jul 13, 2016 23:08:00 GMT -9
Thanks for sharing the great tip
|
|
|
Post by Admin on Jul 19, 2016 8:04:44 GMT -9
You're welcome, thanx for using this forum.
|
|