Hi,
I have a task I was hoping for some assistance with.
We're trying to find out the ID of an employee that is installing Google Chrome.
When Chrome is installed, it starts to play up with privileges on the main server, and requires a lengthy session to reset.
I presume we need to find the SID ID within the software in registry and match that to the person's profile. Not overwhelming evidence as of course someone else could be logged onto that system, but it's a start.
Please could you advise,
Thanks,
Chris
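One way to do the SID-to-profile matching the post above asks about, as an added PowerShell example that is not part of the original thread: it reads the standard ProfileList registry key, resolves each user SID to an account name, and checks each profile for a per-user Chrome install. It assumes Chrome was installed per-user (under the profile's AppData\Local); a machine-wide install under Program Files would not show up here.

```powershell
# Added example: run from an elevated prompt on the workstation being examined.
# ProfileList holds one subkey per local profile, named after the owner's SID.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

Get-ChildItem -Path $profileList | ForEach-Object {
    $sid = $_.PSChildName

    # Skip built-in service profiles (S-1-5-18/19/20); keep domain and local users.
    if ($sid -notlike 'S-1-5-21-*') { return }

    $profilePath = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath

    # Resolve the SID to DOMAIN\user. This fails for deleted accounts or when
    # the domain is unreachable, so keep the raw SID in the output either way.
    try {
        $sidObject = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $account = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '<unresolved>'
    }

    # Assumption: a per-user Chrome install lives inside the user's profile.
    $chromeExe = Join-Path $profilePath 'AppData\Local\Google\Chrome\Application\chrome.exe'
    $found = Test-Path -LiteralPath $chromeExe
    $created = $null
    if ($found) {
        # File creation time gives a rough install time to compare with logon records.
        $created = (Get-Item -LiteralPath $chromeExe).CreationTime
    }

    [pscustomobject]@{
        SID              = $sid
        Account          = $account
        ProfilePath      = $profilePath
        ChromeInProfile  = $found
        ChromeExeCreated = $created
    }
} | Format-Table -AutoSize
```

A hit ties the install to a profile, not to a person at the keyboard, so the creation time still needs to be compared with logon records for that machine.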
Can you give us some clues about the environment please?
We're trying to find out the ID of an employee that is installing Google Chrome.
When Chrome is installed, it starts to play up with privileges on the main server, and requires a lengthy session to reset.
I am sorry, can you better explain?
I mean is a browser all that is needed to "change privileges on the main server"? 😯
What makes you think that Chrome is installed at all (and that particular install was used to compromise the server settings)?
I mean, besides finding the culprit, the issue is "allowing to change server settings" from a browser (which I don't think necessarily must be Chrome).
BTW, besides an install, the thingy can be used as "portable" or from a VM or the like.
And even if a specific browser is needed, SRWARE Iron behaves exactly like Chrome (actually it is Chrome with some fluff removed).
jaclaz
I'm not a network engineer, but if installing a browser messes with your main server then whoever set up the main server may have made some mistakes.
Apart from that, far easier to just restrict all users to non-Admin privileges and make sure no one can install anything except Domain admins.