This article will, to some extent, be devoted to security. I recently had the idea of checking which applications are using the Internet connection, where the traffic flows, which addresses the connections go through, and much more. Other users ask the same question.

Suppose you have an access point to which only you are connected, but you notice that the connection speed is low. You call your provider, and they tell you that everything is fine, or something similar. What if someone else is connected to your network? You can try the methods in this article to find out which programs that require an Internet connection are using it. In general, you can use these methods as you please.

Well, let's start the analysis.

Netstat command to analyze network activity

This method does not require any extra programs; we only need the command line. Windows has a special utility called netstat that analyzes network connections, so let's use it.

It is best to run the command line as administrator. In Windows 10, you can right-click on the Start menu and select the appropriate item.

In the command line, enter the netstat command and see a lot of interesting information:


We see connections, including their ports, addresses, and active and pending connections. This is certainly useful, but it is not enough for us. We would like to find out which program is using the network. For this, add the -b parameter to the netstat command, which then looks like this:

netstat -b

Now the utility that uses the Internet will be visible in square brackets.


This is not the only parameter of this command. For a complete list, enter the command netstat -h.
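The bracketed owner lines are easier to review once they are attached to the connection they belong to. The following is an added example, not part of the original article: it parses saved netstat -b output and groups established remote endpoints by executable. The sample text, process names and function names are constructed; the -n parameter (numeric addresses) is assumed in addition to -b.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -b -n` output; the addresses come from
# private and documentation ranges and the process names are illustrative.
SAMPLE_NETSTAT_B = """\

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.10:49713     203.0.113.7:443        ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.10:49720     198.51.100.20:8443     ESTABLISHED
 [updater.exe]
  TCP    192.168.1.10:49731     192.168.1.5:445        ESTABLISHED
 Can not obtain ownership information
  UDP    0.0.0.0:5353           *:*
 [chrome.exe]
"""

UNKNOWN = "<unknown>"
# A connection line: protocol, local endpoint, remote endpoint, optional state.
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
# The owning executable, printed in square brackets below the connection.
OWNER_RE = re.compile(r"^\s*\[(.+)\]\s*$")


def parse_netstat_b(text):
    """Return one dict per connection, with the owning executable attached."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, state = m.groups()
            conns.append({"proto": proto, "local": local, "remote": remote,
                          "state": state or "", "owner": UNKNOWN,
                          "component": None})
            continue
        if not conns or not line.strip():
            continue  # banner, column header or blank line
        owner = OWNER_RE.match(line)
        if owner:
            conns[-1]["owner"] = owner.group(1)
        elif "ownership information" in line:
            pass  # netstat could not name the owner; keep UNKNOWN
        else:
            conns[-1]["component"] = line.strip()  # e.g. a service name
    return conns


def established_by_process(conns):
    """Map each executable to the sorted remote endpoints it is connected to."""
    result = defaultdict(set)
    for c in conns:
        if c["state"] == "ESTABLISHED":
            result[c["owner"]].add(c["remote"])
    return {owner: sorted(remotes) for owner, remotes in result.items()}


if __name__ == "__main__":
    report = established_by_process(parse_netstat_b(SAMPLE_NETSTAT_B))
    for owner, remotes in report.items():
        print(f"{owner:15} {', '.join(remotes)}")
```

Connections that end up under the unknown owner, or under an executable you do not recognise, are the ones worth checking first.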


But, as practice shows, many command-line utilities do not give the information I would like to see, and they are not very convenient. As an alternative, we will use third-party software: TCPView.

Monitoring network activity with TCPView

You can download the program from here. You don't even need to install it; just unpack it and run the utility. It is free. It does not support Russian, but that is not really necessary: this article explains how to use it.

So, the TCPView utility monitors network connections and lists all programs connected to the network, along with their ports, addresses and connections.


In principle, everything is very clear here, but I will explain some points of the program:

  • The Process column shows the name of the program or process.
  • The PID column shows the identifier of the process connected to the network.
  • The Protocol column shows the protocol the process is using.
  • The Local Address column shows the local address of the process on this computer.
  • The Local Port column shows the local port.
  • The Remote Address column shows the address to which the program is connected.
  • The State column shows the status of the connection.
  • The Sent Packets and Rcvd Packets columns show the number of packets sent and received; the Bytes columns do the same for bytes.

Also, using the program, you can right-click on the process and end it, or see where it is.

With other parameters, a change will also occur - with protocols and domains.

Lines are highlighted in different colors: green means that a new connection has been started, and red means that the connection has ended.

Those are all the main settings of the program. There are also minor options, such as setting the font and saving the connection list.

If you like this program, be sure to use it. Experienced users will know exactly what to use it for.

If you want to find out how much traffic your Windows computer uses over a certain period of time, you need third-party solutions. Task Manager and Resource Monitor show only the current values of network consumption, so these tools are not suitable for monitoring traffic over a specific period. Some routers and modems collect data on consumed traffic; you can view these values in the device's admin panel.

Why monitor your traffic at all? Traffic accounting is simply necessary when using metered Internet connections, but it can also be useful on unlimited tariffs.

Some ISPs limit monthly traffic at certain rates. If the limits are exceeded, the user either needs to pay for an additional quota, or be content with a reduced connection speed until the end of the reporting period. Traffic monitoring allows you to avoid such unpleasant situations.

Traffic analysis allows you to better understand how much data you consume during the reporting period. This information will be useful when changing your Internet service provider or tariff plan.

The tools below are designed to track traffic on Windows computers. All programs are free and were tested on computers running Windows 7 and Windows 10.

BitMeter II is a free utility for monitoring traffic in Windows. The program monitors daily, weekly and monthly traffic consumption and displays a desktop widget that visualizes data being sent and received.

Users can configure alerts, set provider restrictions and calculate traffic using the built-in calculator. BitMeter II allows you to run a counter, during which you can track various connection metrics.

The Statistics section displays data on traffic consumption for the last few hours, days and months. You can view them in graphical or tabular form.

GabNetStats

GabNetStats is a portable program for Microsoft Windows devices that allows you to track consumed traffic and other indicators. The program ran smoothly on all test systems and immediately started tracking traffic.

Left click on the system tray icon opens the graph and traffic statistics. The widget closes automatically after five seconds, but you can change this behavior and make the widget always appear on the desktop.

The program monitors the sent and received data bytes, the average connection speed and many other parameters. Select Advanced Statistics to view the total number of packets received and sent, the number of routes and IP addresses, and TCP / IP configuration information.

The developer's website is no longer available, but you can download the program from our site.

Note: to install this program on newer versions of Windows 10, it is recommended to configure compatibility with earlier versions of Windows. To do this, right-click the downloaded file and select Properties > Compatibility > Run this program in compatibility mode for: previous version of Windows.

NetSpeedMonitor shows inbound and outbound traffic in the notification area of the taskbar (system tray). Hover your mouse over the icon to view traffic for a specific session, day, or month. Right-clicking opens the available parameters and the traffic statistics interface for a given period.

The program is available as a separate installer and portable version. The utility is fully compatible with all modern versions of Windows.

Note: the portable version gave an error in Windows 10 when started without administrator rights.

When NetTraffic starts, it displays a graph of network activity on the desktop with the amount of data sent and received. By default, the window is always displayed in the foreground, but you can turn off this mode, resize the window and change other settings.

A right click on the icon in the system tray opens access to parameters, statistics and additional tools. In the statistics section, you can see the traffic consumption for the selected period or for separate time intervals: month, day or year.

In the settings, you can change the design of the widget and set a quota for the volume of traffic. Available networking utilities include ipconfig, netstat, and route.

The program used to be distributed free of charge, but new versions are now paid. The previous, free version of the utility (Networx 5.5.5) is still available for download on our website and has no limitations in functionality.

Immediately after launch, Networx starts monitoring traffic consumption, and an application icon appears in the system tray. Double-clicking the icon opens the statistics: you can view general data, as well as data for the day, week and month, and a breakdown of data by application. For convenience, the different views of the data are placed on separate tabs.

You can use the program to monitor the traffic consumed by individual applications. To do this, go to Settings > General and, in the Observe connections section, enable the Ignore local traffic (within the network) parameter.

Right click on the system tray icon to access additional features. You can turn on the display of the widget on the desktop to monitor traffic consumption in real time, start measuring the connection speed, or open the screen for setting quotas.

There are several network tools available to users such as trace route or ping.

Unfortunately, some of the listed tools are no longer supported. Without a doubt, it is the most professional traffic monitoring solution with powerful functionality, but the free version of the utility is also no longer supported by the developer.

At the same time, it's worth noting that Microsoft is testing a built-in tool in Windows 10 (version 2003), which is expected to be released in spring 2020.

You probably know that Windows has a built-in firewall. You may also know how to allow and block access of certain programs to the network in order to control incoming and outgoing traffic. But did you know that the Windows firewall can be used to log all connections that go through it?

The Windows Firewall logs can be helpful in solving specific problems:

  • The program you are using cannot connect to the Internet, although this problem is not observed with other applications. In this case, to fix the problem, you should check if the system firewall is blocking the connection requests of this program.
  • You suspect that malware is using the computer to transfer data and want to monitor outbound traffic for suspicious connection requests.
  • You have created new rules for allowing and blocking access and want to make sure that the firewall correctly processes the given instructions.

Regardless of the reason for its use, enabling event logging can be challenging as it requires a lot of configuration manipulation. Here is a clear sequence of actions on how to activate the registration of network activity in the Windows firewall.

Access to firewall settings

First, you need to go to the advanced settings of Windows Firewall. Open the control panel (right-click on the Start menu, the "Control Panel" option), then click the "Windows Firewall" link if the view mode is small / large icons, or select the "System and Security" section and then "Windows Firewall" if the view mode is category.

In the firewall window, select the “Advanced Options” item in the left navigation menu.

You will see the following settings screen:

This is the internal technical side of Windows Firewall. This interface allows you to allow or block program access to the Internet, configure incoming and outgoing traffic. In addition, this is where the event registration function can be activated - although it is not immediately clear where this can be done.

Access to log settings

First, select the option “Windows Firewall with Advanced Security (Local Computer)”.

Right click on it and select the "Properties" option.

This will open a window that can confuse the user. When you select the three tabs (Domain Profile, Private Profile, Public Profile), you will notice that their contents are identical but refer to three different profiles, whose names are shown in the tab titles. Each profile tab contains a button to configure logging. Each log will correspond to a different profile, but which profile are you using?

Let's take a look at what each profile means:

  • The domain profile is used when connecting to wireless Wi-Fi networks where the domain is set by a domain controller. If you are not sure what this means, it is best not to use this profile.
  • The private profile is used to connect to private networks, including home or personal networks, which is the profile you are most likely to use.
  • The public profile is used to connect to public networks, including restaurants, airports, libraries, and other institutions.

If you are using a computer on a home network, go to the “Private Profile” tab. If you are using a public network, go to the “Public Profile” tab. Click the "Configure" button in the "Logging" section on the correct tab.

Activating the event log

In the window that opens, you can configure the location and maximum size of the log. You can set an easy-to-remember location for the log, but in reality, the location of the log file doesn't really matter. If you want to start event logging, in both drop-down menus “Record missed packets” and “Record successful connections” set the value to “Yes” and click “OK”. Continuous operation of the function can lead to performance problems, so activate it only when you really need to monitor connections. To disable the logging function, set the value “No (default)” in both drop-down menus.

Exploring the logs

Now the computer will record the network activity controlled by the firewall. In order to view the logs, go to the “Additional parameters” window, select the “Monitoring” option in the left list, and then in the “Logging parameters” section, click the “File name” link.

Then the network activity log will open. The contents of the log can be confusing for an inexperienced user. Let's take a look at the main content of the log entries:

  1. Date and time of connection.
  2. What happened to the connection. The “ALLOW” status means that the firewall allowed the connection, and the “DROP” status indicates that the connection was blocked by the firewall. If a particular program has problems connecting to the network, this is where you can establish that the cause of the problem is the firewall policy.
  3. Connection type - TCP or UDP.
  4. In order: the IP address of the source of the connection (computer), the IP address of the destination (for example, a web page) and the network port used on the computer. This entry allows you to identify ports that require opening for software to work. Also watch out for suspicious connections - they can be made by malware.
  5. Whether the data packet was successfully sent or received.

The information in the log will help you figure out the cause of connection problems. The log can also record other details, such as the target port or the TCP acknowledgment number. If you need more details, see the “#Fields” line at the top of the log to identify the meaning of each field.
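One way to read the log described above, as an added example that is not from the original article: the parser takes its column names from the “#Fields” line, then counts allowed outbound connections to non-local addresses and lists the dropped entries. The sample log lines, the function names and the choice of which address ranges count as local are assumptions made for this illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout of the Windows Firewall log file; the
# addresses come from private and documentation ranges.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2020-03-01 10:15:02 ALLOW TCP 192.168.1.10 203.0.113.7 49712 443 0 - 0 0 0 - - - SEND
2020-03-01 10:15:04 ALLOW TCP 192.168.1.10 203.0.113.7 49713 443 0 - 0 0 0 - - - SEND
2020-03-01 10:15:09 ALLOW UDP 192.168.1.10 192.168.1.1 53011 53 0 - - - - - - - SEND
2020-03-01 10:16:20 DROP TCP 192.168.1.10 198.51.100.20 49720 6667 0 - 0 0 0 - - - SEND
2020-03-01 10:16:41 DROP UDP 192.168.1.23 239.255.255.250 51234 1900 165 - - - - - - - RECEIVE
2020-03-01 10:17:00 ALLOW TCP 192.168.1.10 198.51.100.20 49733 8443 0 - 0 0 0 - - - SEND
truncated line
"""

# Assumption for this example: destinations in these ranges count as local
# (private networks, loopback, link-local, multicast).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")]


def parse_firewall_log(text):
    """Turn log text into dicts keyed by the names on the #Fields line."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue  # blank line, other header, or data before #Fields
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        records.append(dict(zip(fields, values)))
    return records


def is_external(addr):
    """True for a parseable address outside LOCAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # "-" or a missing value
    return not any(ip in net for net in LOCAL_NETS)


def external_destinations(records):
    """Count allowed outbound entries per (dst-ip, dst-port, protocol)."""
    hits = Counter()
    for r in records:
        if (r.get("action") == "ALLOW" and r.get("path") == "SEND"
                and is_external(r.get("dst-ip", "-"))):
            hits[(r["dst-ip"], r.get("dst-port", "-"),
                  r.get("protocol", "-"))] += 1
    return hits


def dropped(records):
    """Entries the firewall blocked, in log order."""
    return [r for r in records if r.get("action") == "DROP"]


if __name__ == "__main__":
    recs = parse_firewall_log(SAMPLE_LOG)
    for dest, count in external_destinations(recs).most_common():
        print("ALLOW out", dest, count)
    for r in dropped(recs):
        print("DROP", r["protocol"], r["src-ip"], "->",
              r["dst-ip"], r["dst-port"])
```

On a live system, pass in the contents of the file that opens from the “File name” link instead of the sample text.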

Remember to turn off the logging feature when you have finished.

Advanced network diagnostics

By using the Windows Firewall log, you can analyze the types of data processed on your computer. In addition, you can determine the causes of network problems associated with the operation of the firewall or other objects that disrupt the connection. The activity log allows you to get acquainted with the work of the firewall and get a clear picture of what is happening on the network.

Built-in OS administration tools are not always convenient or often do not have sufficient functionality, so the system administrator's arsenal is eventually replenished with useful utilities, add-ons and scripts that greatly simplify everyday tasks. It is doubly gratifying when the found solution not only helps to cope with a specific problem, but is also distributed free of charge.

Advanced IP Scanner

The sysadmin must know everything about the systems operating on the network and be able to access them quickly. Advanced IP Scanner, designed for fast multithreaded scanning of the local network, helps with this task. AIPS is provided completely free of charge, without any reservations. The program is very simple and straightforward to use. After starting, AIPS checks the IP addresses of the network interfaces of the host on which it is installed and automatically fills in the IP range in the scan parameters; if the range does not need to be changed, all that remains is to start the scan. As a result, we get a list of all active network devices. For each, all available information is collected: MAC address, network card manufacturer, network name, the user logged in to the system, and available shared resources and services (shared folders, HTTP, HTTPS and FTP). Almost all scanning options can be configured; for example, you can change the speed or exclude a certain type of network resource (shared folders, HTTP, HTTPS and FTP) from the scan. You can connect to any resource with one click; you just need to select it in the list. AIPS is integrated with the Radmin program and, during scanning, finds all machines running Radmin Server. The scan result can be exported to a file (XML, HTML or CSV) or saved in "Favorites" (drag-and-drop is supported). Later, if you need to access a client computer, you do not have to scan the network again. If the remote device supports the Wake-on-LAN function, it can be turned on and off by selecting the appropriate menu item.

NetWrix, a company specializing in the development of solutions for auditing changes in IT infrastructure, offers ten free and very useful utilities designed to significantly simplify the administration of Windows OS. For example, NetWrix Inactive Users Tracker addresses one of the pressing security problems: inactive accounts that nobody has used for some time (dismissed employees, business trips, job transfers, temporary registration, etc.). HR managers rarely warn the IT department about changes, and such an account can easily be exploited by an attacker. The utility periodically checks all accounts in the domains and reports those that have not been accessed for a certain time. In the Free version, the only available action is an e-mail warning (it is enough to set the SMTP parameters); all other operations are performed manually by the administrator, although in our case the warning is sufficient. The paid version adds automatically setting a random password, deactivating the account and moving it to another OU, and an OU filter for finding accounts. The get-NCInactiveUsers PowerShell cmdlet is offered separately; it returns a list of inactive users (the "lastLogon" attribute is checked) and simplifies writing the corresponding scripts.

WinAudit Freeware

WinAudit is a free utility from Parmavex Services that allows you to perform a complete system audit. It does not require installation and can be run in command-line mode. The program has a simple, localized interface and runs on all versions of Windows, including 64-bit. Collecting data takes about a minute (the time may vary depending on the operating system and computer configuration), and the resulting report consists of 30 categories (configurable). As a result, the administrator gets data about the system; installed software and updates, with version and vendor; connected devices; a list of open network ports (number, service, program, etc.) and open folders; active sessions; security settings; access rights to peripherals; information about accounts and groups; a list of tasks / services; startup programs; log records and system statistics (uptime, memory usage, disk usage). You can also search for specific files by name. For example, to find music and video on a user's hard disks, it is enough to set the appropriate extensions (avi, mp3, etc.). The result can be opened as a web page, exported to a file in many popular formats (txt, XML, CSV, PDF) or to a database (using a wizard; all popular ones are supported: MS SQL, MS Access, MySQL, Oracle and others), sent by e-mail and printed.


Computer accounting with CheckCfg

The problem of accounting for office equipment and the software in use is acute in any organization. You can solve it in different ways; one option is offered by the developer Andrey Tatukov: CheckCfg. This solution periodically collects data about hardware, OS and programs, including CPU type, amount of RAM, disk space, S.M.A.R.T. etc. At the same time, CheckCfg easily copes with several hundred computers. The result is displayed in a convenient tree-like form, and local directories are easy to access. Each PC can be assigned an inventory number, and if necessary it is easy to generate a report in RTF format.

CheckCfg is a whole complex of programs. For the direct collection of data about the computer, CheckCfg is responsible, which is launched at the start of the OS and writes the result to a file. Information is managed and archived using the Sklad accounting program, which processes the files created by CheckCfg and saves them to its database, after which reports can be generated. With the help of the Sklad_w program, you can conveniently view the current configurations of computers and basic data on office equipment (by IP-addresses, CPU, Memory, software). To analyze changes in the PC configuration and notify the administrator about this, another utility is used - Doberman. Perhaps the setting will not seem entirely trivial, since you have to manually create the necessary configuration files, but the detailed description on the site and the available templates allow you to figure everything out without problems.

MailArchiva Open Source Edition

Some mail servers, such as MS Exchange, have mail archiving functions that allow you to find old messages if necessary, including to reveal leakage of confidential information when investigating incidents. In other cases, you have to provide these functions yourself. A variant of the solution is the development of MailArchiva, which is compatible with most modern mail servers (Lotus Domino, MS Exchange, MDaemon, Postfix, Zimbra, Sendmail, Scalix, Google Apps). Archiving via SMTP, IMAP / POP3, WebDAV and Milter protocols is supported (the program has a built-in SMTP and Milter server, IMAP / POP client). To avoid collecting all mail, you can create any archiving rules. Three levels of access to saved data are implemented - user (only own mail), administrator (settings and own mail) and auditor (all mail, can be limited by rules). The Open Source version of MailArchiva also offers intuitive search functionality, including attachments (Word, PowerPoint, Excel, OpenOffice, PDF, RTF, ZIP, tar, gz). MailArchiva works on Windows, Linux, FreeBSD and Mac OS X.

Performance Analysis of Logs

When a system has performance problems, finding the bottleneck with the standard Windows Performance Monitor is quite difficult without experience. To figure out which metrics to collect and how to interpret the result correctly, you will need to go through the documentation carefully. The PAL utility (Performance Analysis of Logs, pal.codeplex.com) makes finding the bottleneck much easier. Once launched, it scans the logs and analyzes them using built-in templates. Currently, there are settings for most of the popular MS products: IIS, MOSS, SQL Server, BizTalk, Exchange, Active Directory and others. After starting, the administrator activates the necessary counters in the PAL Wizard by simply selecting a template from the list, then specifies the current server settings (number of CPUs and others), the analysis interval and the directory for saving the result. After a while, a detailed HTML and XML report is produced containing the description, counter name and metrics (Min, Avg, Max and Hourly Trend). The report can then be easily copied into any document. You will still have to make sense of the collected parameters on your own, although if PAL shows that a characteristic is in the green sector, there is no need to worry. The request itself is saved in the PAL.ps1 PowerShell script, which can be kept for later use. Templates are XML files; taking any of them as an example, you can create your own version. The built-in PAL Editor is available for editing parameters in a template.


Win7 is officially supported, but it works on all MS OSs, starting with WinXP (32/64). To install, you need PowerShell v2.0+, MS .NET Framework 3.5 SP1 and MS Chart Controls for Microsoft .NET Framework 3.5.

Create an Access Point with Virtual Router

The situation where a computer with a Wi-Fi card needs to be turned into an access point is by no means rare today. For example, you may need to quickly deploy a WLAN or expand your Wi-Fi coverage. Originally, a wireless card could work in only one of two modes: point-to-point, when clients connect to each other, or as an access point. In Win7 / 2k8 (except for Win7 Starter Edition), it became possible to virtualize network connections (Virtual Wi-Fi technology), which allows you to create several Wi-Fi modules with their own settings using one physical Wi-Fi adapter. Thus, the computer can be connected to Wi-Fi and at the same time act as an access point (SAPoint, Software Access Point). The connection to this virtual hotspot is secured using WPA2. You can turn a PC running Win7 / 2k8R2 into an access point using the Netsh console utility, through the Network and Sharing Center, or using the Virtual Router application, which has an intuitive GUI and very simple settings. After starting Virtual Router, you just need to specify the SSID and the password for connecting, and then activate the access point. If necessary, you can also stop the hotspot with one button. Additionally, the window displays the current connections to the access point; for each, you can set its own icon and change some parameters.

RDC connection management - RDCMan

For remote control of servers and PCs running Windows, the Remote Desktop Connection snap-in is provided. If you need to establish many RDP connections with different settings, it becomes inconvenient to work with. Instead of methodically saving individual settings for each remote computer, you can use the free Remote Desktop Connection Manager (RDCMan) to automate this process. After starting it, specify the RDP connection settings that will be used by default and inherited by all connections. Here we set general credentials, gateway, screen settings, security settings and much more. Next, we create the required number of system groups (for example, by purpose, location, OS version); for each of them, you can specify its own connection settings. The last step is filling the groups with systems. To add a server, you only need to enter its domain name; if any parameter differs from the group settings, you can override it immediately. If necessary, systems can be moved between groups by simple drag and drop. If there are many systems, it is easier to create a text file with one name per line and then feed this file to the utility. Now, to connect, it is enough to select the desired server and click "Connect" in the context menu. You can activate multiple connections simultaneously and switch between them.

Free Active Directory Tools

Managing Active Directory parameters using standard tools is not always easy and convenient. In some situations, ManageEngine's Free Active Directory Tools will help. The kit consists of fourteen utilities, run from one shell. For convenience, they are divided into six groups: AD User Report, SharePoint Report, User Management, Domain and DC Info, Diagnostic Tools, and Session Management. For example, launching Empty Password User Report gives you a list of accounts with empty passwords, GetDuplicates finds accounts with the same attributes, and CSVGenerator saves Active Directory account data to a CSV file. Other features: reporting the last logon time, retrieving data from AD based on a query, reporting on SharePoint installations, managing local accounts, viewing and editing domain password policies, getting a list of domain controllers and their roles, managing their replication, monitoring their operation (CPU load, RAM, hard drives, performance, etc.), managing terminal sessions, and much more.


Comodo Time Machine

The ability to restore the system using the System Restore component has been built into Windows since XP, but its functionality is, to put it mildly, limited, so third-party applications are often used for backup. The free utility Comodo Time Machine (comodo.com) allows you to roll back the OS to any previous state. Moreover, it works even if the OS has completely stopped booting. While running, CTM creates restore points (manually or on a schedule) that include all changed system files, the registry, and user files. This is a great advantage over System Restore, which only saves and restores system files and the registry. The first copy has the maximum size; the remaining copies store only modified files. To save free disk space, you should periodically create a new checkpoint and delete old archives. To make it possible to restore the OS, information about CTM is written to the boot sector; to call up the corresponding menu, just press the "Home" key. You can also restore the OS state on a schedule, for example by configuring the utility so that each reboot automatically rolls back to a "clean" version of the system. This is useful, for example, in Internet cafes, where users leave a lot of garbage behind in the system. In addition to full OS recovery, the utility can retrieve an earlier version of any file from the archive. Search is implemented, so you can find the data you need without any problems.

Amanda

The task of centralized data backup from workstations and servers running Windows and *nix can be solved with the help of AMANDA (Advanced Maryland Automatic Network Disk Archiver). Initially, the program was created to work with tape drives, but over time the developers introduced a mechanism called "virtual tapes" (vtapes), which allows you to save the collected data to hard drives and CD / DVD. AMANDA is a convenient add-on to the standard Unix programs dump / restore, GNU tar and some others, so its main characteristics should be considered in terms of the capabilities of these basic utilities. It works on a client-server basis. All available authentication methods are used to access computers: Kerberos 4/5, OpenSSH, rsh, bsdtcp, bsdudp or Samba password. To collect data from Windows systems, a special agent or, alternatively, Samba is used. Compression and encryption (GPG or amcrypt) of information can be performed either directly on the client or on the server. All backup parameters are configured exclusively on the server, and ready-made templates are included in the delivery, so it is quite easy to figure out.

Core Configurator 2.0 for Server Core

The initial configuration of a server running Win2k8 / R2 in Server Core mode is performed in the console using commands. To make things easier, the OS developers added an interactive script, SCONFIG.cmd, to R2, which allows you to configure the basic parameters of the system. An alternative is available on Codeplex: the wonderful Core Configurator. For its operation, you will need the NetFx2-ServerCore, NetFx2-ServerCore and PowerShell components. After starting Start_CoreConfig.wsf, we get a menu with several items that provide access to the main settings that would otherwise have to be managed from the command line: product activation, screen resolution, clock and time zone, network interface, permissions for remote RDP connections, local account management, Windows Firewall settings, enabling / disabling WinRM, changing the computer name, workgroup or domain, configuring roles, features and Hyper-V, and launching DCPROMO. If you select the "Load at Windows startup" checkbox, the program will be loaded along with the system.

Exchange 2010 RBAC Manager

Exchange 2010 introduces a new role-based access model that allows you to fine-tune the privilege level for users and administrators based on the tasks they perform. The only drawback is that the built-in management tools using PowerShell cmdlets may not seem convenient and understandable to everyone. More advanced is the free Exchange 2010 RBAC Manager (RBAC Editor GUI, rbac.codeplex.com), which offers a clean graphical interface for setting properties for all roles. Getting to grips with its features will not be difficult even for a beginner. The program is written in C# and uses PowerShell. To work, it needs Exchange 2010 Management Tools installed.

PowerGUI

As soon as it appeared, the PowerShell command shell won the sympathy of Windows admins, who had long needed a tool that allows them to automate many tasks. With the first versions of PowerShell, Microsoft developers were unable to offer a more or less functional editor, so several third-party projects filled the niche. The best of these today is PowerGUI, which provides a user-friendly graphical interface for efficiently creating and debugging PowerShell scripts. The authors also offer ready-made sets of scripts for solving many problems, which you can use in your own work.

Multi-Tabbed PuTTY

The free PuTTY client is well known to admins who need to connect to remote hosts via the SSH, Telnet or rlogin protocols. It is a very convenient program that allows you to save session settings for quick connection to the selected system. The only inconvenience is that with a large number of connections, the desktop is cluttered with many open windows. This problem is solved by the Multi-Tabbed PuTTY add-on, which implements a tab system.

INFO

PuTTY was originally developed for Windows, but was later ported to Unix.

Conclusion

Often there is no need to puzzle over a solution to a specific problem: most likely, other administrators have already encountered it and offered their own version - a specific utility or script that you don't even need to pay for.

A slacker employee is a disaster for any enterprise or company. Therefore, the question constantly arises of how to monitor an employee at his work computer and make sure that no illegal actions take place.

First of all, note that the employee must be notified (in writing, with a signature) that computers on the local network are under covert surveillance. Perhaps this fact alone will help to avoid violations and put the employee on the path of a "hard worker". If not, then here is a solution for complete control over computers on a local network.

Local network control program

So, the software is called "Mipko Employee Monitor" - a version specifically for corporate networks.

After installing and launching the program (you can start it from the desktop or by pressing "Ctrl + Alt + Shift + K"), you need to configure the user interface: what exactly needs to be monitored and controlled on the local network.

  1. At the top left there is a section for selecting the user on your network whose log is currently being monitored. When expanded, a list of recorded actions is displayed (depending on the settings).
  2. Now directly about the "Tools" - "Settings" functionality. For each user, the "tracking" parameters can be configured individually.

Monitoring allows you to track the following actions:

  • keystrokes;
  • screenshots;
  • activity in social networks;
  • exchange of messages in Skype;
  • visited websites;
  • saving the clipboard;
  • program activity;
  • snapshots from a webcam;
  • call recording;
  • file operations.

Quite extensive functionality. The main things that employers are usually interested in when monitoring users on a local network are screenshots and visited websites.

To avoid claims of intrusion into personal information (for example, if you enabled viewing of visited web pages and saw personal correspondence on social networks), block all social networks and chats, and prohibit the installation of third-party software, allowing only what is required for work.

Remote monitoring of a computer on a local network

As a rule, the employer is interested in only two aspects - screenshots of the local network user's computer and the web pages he views (as mentioned above, employees are aware of this).

  3. The settings for taking a screenshot include the following components:

  • selection of a time interval, specified either in minutes or in seconds;
  • take a picture when a window is opened;
  • take a picture on a mouse click;
  • do not take a picture when inactive;
  • snapshot mode (full screen, window);
  • the quality of the picture.

  4. The "visited websites" section is even simpler: select the "type of interception" and whether to save a screenshot.

  5. Now about where all this will be stored or sent. In the "Sending" settings section:

  • first, set the "Log type" from the pop-up list;
  • choose the format in which the report will be saved: "HTML" report or "ZIP" archive;
  • select the type of sorting and the time interval for sending the report;
  • most importantly, choose where the report will be sent: to mail, FTP or a folder on the computer;
  • then enter your username and password and click "Apply".

That's it: the employees are now, as they say, "under the hood", and you can monitor the users of the local network.