Can you see who installed a program?

Jewelzz

OSNN Godlike Veteran
Joined
5 Mar 2002
Messages
10,978
Can I find out who installed FF on a PC? Employees are work keep installing it and I want to know who it is.
 

Cilix

OSNN Junior Addict
Joined
30 Mar 2007
Messages
29
Are you in a domain enviroment?

EDIT: I can see the only way to do it natively in Windows is to check the registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe

Hopefully, you will find the FF exe file in the MRU list underneath the users documents and settings path. And tada, you nailed them.

If you dont find it there, I can do some investigation into a monitoring software which will do the trick.
 
Last edited:

lancer

There is no answer!
Political Access
Joined
7 Oct 2004
Messages
3,093
wont it show up in the event log and which user was logged on when that happened?
 

Jewelzz

OSNN Godlike Veteran
Joined
5 Mar 2002
Messages
10,978
Are you in a domain enviroment?

EDIT: I can see the only way to do it natively in Windows is to check the registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe

Hopefully, you will find the FF exe file in the MRU list underneath the users documents and settings path. And tada, you nailed them.

If you dont find it there, I can do some investigation into a monitoring software which will do the trick.
I'll check the regedit next time I find it installed. I can't install anything that isn't company approved.

see who owns the file in sharing and security.
Where's that? :s
wont it show up in the event log and which user was logged on when that happened?
Not sure where to look
whats wrong with FF? :cry:
Nothing except my employees are suppose to be working and not surfing the net AND they are not suppose to be installing any software!
 

zeke_mo

(value not set)
Staff member
Political Access
Joined
25 Aug 2004
Messages
1,991
Nothing except my employees are suppose to be working and not surfing the net AND they are not suppose to be installing any software!


Those jerks...
 

LordOfLA

Godlike!
Joined
2 Feb 2004
Messages
7,026
Where's that? :s

Right click the file/folder and chose properties, then security tab. The person that created the file will be one of the listed accounts with access authorisation.

Nothing except my employees are suppose to be working and not surfing the net AND they are not suppose to be installing any software!

Change their accounts to power user or limited user in control panel > user accounts or hire a consultant to setup a small active directory network bases on microsoft small business server 2003.
 

LeeJend

OSNN Veteran Addict
Joined
25 Jan 2003
Messages
5,291
Lord
I know what you said is true because that's the way our XP desktops at work are but I can't find the owner for folder on my machines at home.

Is there a setting I missed somewhere? I have accounts and passwords on. I did not set Windows to make accounts private. Would that be the difference?

Jewelzz
I just spent a few hours looking for a script to get the who installed info and 2000, XP, and server 2003 do not support the "owner" info in the install data so that path is a dead end. I also scanned my registry out of curiosity and only one out of 30 programs I looked at had "owner" info stored for it.

It looks like locking down the systems tighter is your best bet. You could also write a script that will scan each computer daily and list all installed software. That much I did find. Let me know if you want it. You could also write a script to remove FF on an hourly basis to annoy the culprit...

PS Thanks. This project tied in nicely with brushing up on my scripting skills which I need for work soon.
 

American Zombie

Moderator
Staff member
Political Access
Joined
23 Jun 2004
Messages
2,961
Simple way to me would be to just go into the FF folder and right click any of the files and see the created time/date. Next, go into event viewer > security and see who was logged in at that time.
 

Brad

OSNN Veteran Addict
Political Access
Joined
24 Mar 2002
Messages
2,281
Must be a joyful place to work...
 

Shamus MacNoob

OSNN Veteran Addict
Political Access
Joined
8 Jan 2002
Messages
4,199
There is a way to stop them from installing anything at all and stop them from doing many things unwanted by using group policy editor .
 

Jewelzz

OSNN Godlike Veteran
Joined
5 Mar 2002
Messages
10,978
The PC is locked as much as possible (we have a desktop group that handles that, I can't do much more), the staff do need some access as we use a monitoring tool that runs off the net and needs to be able to have a popup. I'm pretty sure I know who installed FF the last time but I was so pissed it had been installed (right after it was re-imaged) that I simply uninstalled it without looking.
 

Perris Calderon

dealer
Staff member
Political Access
Joined
24 Jan 2002
Messages
12,374
this is probably suggested before, I haven't read all the answers

anyway, search for the .exe, hit properties, go to general, it will tell you when it was last accessed, then check the logs for who was on the computer at that time
 

Cilix

OSNN Junior Addict
Joined
30 Mar 2007
Messages
29
The PC is locked as much as possible (we have a desktop group that handles that, I can't do much more), the staff do need some access as we use a monitoring tool that runs off the net and needs to be able to have a popup. I'm pretty sure I know who installed FF the last time but I was so pissed it had been installed (right after it was re-imaged) that I simply uninstalled it without looking.

You should be yelling at these people then. If they manage the workstations and they allow users free roam like that, it just opens the door for any number of different threats.
 

Jewelzz

OSNN Godlike Veteran
Joined
5 Mar 2002
Messages
10,978
Thanks for all the suggestions fellas :) If the company doesn't care I won't care either. You know my motto, "just say fu*k it" :p
 

Members online

No members online now.

Latest profile posts

Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
Terrahertz wrote on Electronic Punk's profile.
Yo fellas!
Electronic Punk wrote on Sazar's profile.
Where are you buddy?
Perris Calderon wrote on Electronic Punk's profile.
Hey EP! All good with me, applying for Microsoft MVP right now, should have done this a while ago.

Notifications don't work, I only found your response by coming back to hunt up some threads, if you want, give me your email address so we can keep in touch easier!
Perris Calderon wrote on Electronic Punk's profile.
EP, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there!

Forum statistics

Threads
61,997
Messages
673,411
Members
5,591
Latest member
nodee