# Pc Question, Spying On The Kids?



## pg tips (May 16, 2003)

Folowing Stan's post on forum mods dare I risk posting a "dumb" question? Awaiting the "go and search for the answer you lazy bugger" retorts but here goes!









Is it eazy to find out what your kids have been doing on the pc?

not for me, well not yet anyway, but a friend of the 710.

She has a 15 yr old who's been banned from using the pc but she feels that she's going behind her back and sneaking online (msn usually).

Is it an eazy process to get a log of what the pc has been used for and when? ie is a secret log stored somewhere that shows date and time of pc being powered up and what programmes / aplications were opened / closed etc?


----------



## strange_too (Feb 19, 2007)

The easy thing to do if it's a Win 2000, XP or Vista box would be to password/biometric protect it. If she needs to access Word etc, set her up on a limited account with no internet privileges.

Other than that a keystroke logger would be a way to check what is happening with the computer. Other than that I can't think of any log programs, but I'm sure there are a few about.


----------



## pg tips (May 16, 2003)

I know what your saying Ron, but I don't know the full story, She's somewhat a bit of a handful and her mother is at the end of a very long tether by all accounts.

She's just wanting to know her worst fears are unfounded.


----------



## Robert (Jul 26, 2006)

Can you uninstall MSN messenger?


----------



## mel (Dec 6, 2006)

A quick and dirty click on "History" in your browser will at least give pages looked at recently. That's like things that teenies go for - BEBO and similar - rife with virus crap. I've banned the grandchildren from using mine on Bebo and other similar sites, they can fikllup their own machine with viral and other stuff, but not mine.


----------



## Stan (Aug 7, 2003)

Send her for counseling and find out what the real problem is.

The rest is just sandbagging.


----------



## Running_man (Dec 2, 2005)

Rather than ban her from using the internet [which could get her back up and make her more rebellious] I'd see if her broadband router has the facility to block certain websites, restrict access times and block instant messaging. Most modern routers do have the first two features and some can even save the web history to a text file into a folder of your choice. This is of course assuming she does use a router and not just a direct modem into the wall.

This way, by compromising, her mother will be seen as fair and maybe calm her down a bit. I also agree with Stan; she sounds like she needs a good talking to.


----------



## Boxbrownie (Aug 11, 2005)

If MSN is the prime concern you can configure it to save the "chats" to a folder on the PC.....pretty sure if you make the folder in the admin area the little monkey will not be able to get in there to delete the log of her chats (providing you havent given her "admin" rights)......is that too sneaky?









Best regards David


----------



## pg tips (May 16, 2003)

Thanks David I'll pass it on.

Stan the "real" problem is she's 15!









They have blocked the family pc but aparently she's suspected of sneaking in her brothers room (who's away at uni) and using his pc. The mother doesn't want to start a fight unnecessarily so wants to be able to got onto the boys pc and just check if it's been used whilst he's away, she'll then know if the girl has been in there. Does internet history have date and time info?


----------



## Robert (Jul 26, 2006)

I can't speak as a parent, but I don't think I would want to be able to read the chats later. Could potentially be quite disturbing/upsetting and of course easily misunderstood.

Think I would go for prevention - take the fuse out


----------



## rhaythorne (Jan 12, 2004)

I'm not sure if you can do this in all versions of Windows, but in XP Pro the very first thing I'd do is enable auditing.

To do this, go into Administrative Tools and click on Local Security Policy. Expand the Local Policies "folder" in the left pane and select Audit Policy. In the right pane you will now see various things that you can log for success or failure. Account Logon Events might be a good one in this case. After enabling auditing in this way you will find that you have a Security Log available in Event Viewer which is also accessible from Administrative Tools or by typing "eventvwr" in the Run box from the Start menu.










Another good log file to interrogate (if using Internet Explorer) is the index.dat file which records Internet activity. If I recall correctly, this is stored by default in the user's profile in the following location:

C:\Documents and Settings\_username_\Local Settings\Temporary Internet Files\Content.IE5\index.dat

Take a copy of the file and then process it with the following utility:

RedCliff Web Historian

This will (after several minutes depending on the size of the file) produce an Excel spreadsheet showing all user's Internet activity such as pages visited and times/dates they were accessed.

You could also try looking in the following Registry location:

HKEY_USERS\_users SID_\Software\Microsoft\Internet Explorer\TypedURLs

This shows URLs typed in Internet Explorer's address bar. You'll need to know the user's unique SID (Security Identifier) on the system, or just go through each one if there aren't that many. Alternatively, have a search for the user2sid and sid2user utilities on the Internet, which can convert these for you. I've got copies here somewhere but can't find 'em at the moment.

I'd be hesitant to use a key logger for several reasons. One, the user might spot it which always tends to be a bit of a show stopper! Two, the logs they generate aren't too easy to read as they literally record every keystroke including Space bar, Shift, backspace etc. Three, software keyloggers have an annoying habit of triggering antivirus alerts so, if you do go down this route, remember to exclude the folder, sub-folders and files in which you install the keylogger software from being scanned.


----------



## rhaythorne (Jan 12, 2004)

You could always undelete it


----------



## rhaythorne (Jan 12, 2004)

Re. sid2user and user2sid. Found 'em









sid.zip


----------



## Griff (Feb 23, 2003)

Go into My Computer

Then into local disc C

Then into documents and settings

Then into log in name folder

Then into cookie folder or internet files.

Then you can see dates files etc., and double clicking on any file will open up what it is

This girl sounds like a very stubborn and determined kid and may be real bad news to deal with

Dealt with she must be though........... at all costs I would say


----------



## pugster (Nov 22, 2004)

another way to find out what is going on is to install a keylogger on the comp.


----------



## Who. Me? (Jan 12, 2007)

pg tips said:


> ...wants to be able to got onto the boys pc and just check if it's been used whilst he's away, she'll then know if the girl has been in there.


If it's as simple as that, she could try...

Click Start then right-click on My Computer and choose 'Manage'. On the tree in the new window, choose System Tools>Event Viewer>Application.

This will list times and dates when applications have started or stopped or done mysterious techy stuff in the right hand pane. Most will just say 'Information' in the 'Type' field.

1/. If there are entries there for dates and times that the PC shouldn't have been used, then someone has been on the PC at that time.

2/. If she really wants to know if MSN has been used during the login...

If she finds any entries in the 'Source' column in that right hand pane that say 'ESENT', double click a few.

An Event Properties window will appear.

In the 'Description' field; MSN Messenger activity looks something like _'MsnMsgr (2996) \\.\C:\Documents and Settings\*<username>*\Local Settings\Application Data\Microsoft\Messenger\*<email address>@hotmail.com*\SharingMetadata\Working\database_C40_1968_4019_59B2\dfsr.db: The database engine started a new instance (0)'_

I've taken my personal details out of here, but the user's login name and email address appear in the *<bits in bold>*.

This works on XP Pro, will have a play tonight at home to see if it works on XP home as well.


----------



## rhaythorne (Jan 12, 2004)

Tut! See what happens PG? I should've flamed ya right from the start


----------



## Stan (Aug 7, 2003)

If this had been a certain Linux forum the first reply would have been RTFM.


----------

