[SepiasSoul]

Ive recently run into an issue at work where the files on my PC, as well as several other employees have had files go missing or being moved into different location, and email being read and forwarded mysteriously. The upper management seems to be of the belief that someone is logging into the accounts and reading some of the more sensitive information on the computers, they are of the belief that it may be the IT department since they have access to all the computers on an administrative level. I was wondering if there was any software out there that would create a log of user log ins, dates and times for the log ins on the affected PC's. If it could record the actions that are being done, that would be a plus, but all we really need is proof that someone is loging in and how so we could lock them down, and prevent it in the future. I appreciate the help.

Sepias

[lunarlander]

There are logs of people logging in in the event viewer. It is at Start > Administrative Tools > Event Viewer.

If you don't see Administrative Tools, then you need to right click on the Start button > Properties > Start menu customize. And enable "System Administrative Tasks" near the bottom of the scroll list. ( Mine is a Vista box, the wording might be a little different on XP )

Then you look for these Event IDs ( for Vista) :
4624,4636 for all logins.
4672 for admin logins

For XP, the Event IDs are :
528/540 for all login
576 for admin logins

However, if they are logging in as admins, they can erase the security log.

[SepiasSoul]

sorry it took me so long to reply. Yes the logs have been erased. Is there an outside program that you know of that can log events? Preferably one that can be installed on the local machine? Aside from that, I take it encryption is my only other option for the files, or taking the PC's off the network am I correct? Since the IT department says the need administrative access to all the PCs, restricting them isn't an option.

Thanks for the reply.

[lunarlander]

I dont know of any third party programs that can record logins. I think encryption is your only choice. Have a look at Truecrypt, it is free and pretty good.