This can be done fairly simply from an administrative workstation,
across the network. Every NT machine automatically shares all of it's
drives under \\computername\c$ or d$ etc. These shares can only be
accessed by an administrator (possibly a backup operator). This will
allow you to scan the machine across the network without the users
knowledge. I use it regularly to do virus scans on users machines
across the network.
Chris
>-----Original Message-----
From: Stewart Shinewald [SMTP:stewarts @
cul .
ca]
Sent: Thursday, September 26, 1996 5:38 PM
To: Leonard Miyata
Cc: Firewalls Mailing list
Subject: Re: NT Security
> >Our company is just moving to NT. In the past, when we audited
workstations, it was relatively easy to review the users hard drive for
unsupported software or non company use of resources by using DOS
utilities such as PC TOOLS or NORTON.
Now that a workstation can be secured with a password and NTFS I had
presumed that booting from a floppy and using DOS utilities to scan the
hard drive would not work.
Occasionally, we would audit a pc without the knowledge of the user thus
we would not know the password.
What utility programs would permit an auditor to scan and view in text
format, an entire hard drive including NT File Systems? Will these also
permit the restoration and viewing of deleted files. If files are
password protected or NT encrypted, are you aware of any utilities that
will permit the viewing of the contents of these files?
Stewart Shinewald
|
|
