Can you see who installed a program?

Jewelzz

OSNN Godlike Veteran
Joined
5 Mar 2002
Messages
10,980
Can I find out who installed FF on a PC? Employees are work keep installing it and I want to know who it is.
 

Cilix

OSNN Junior Addict
Joined
30 Mar 2007
Messages
29
Are you in a domain enviroment?

EDIT: I can see the only way to do it natively in Windows is to check the registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe

Hopefully, you will find the FF exe file in the MRU list underneath the users documents and settings path. And tada, you nailed them.

If you dont find it there, I can do some investigation into a monitoring software which will do the trick.
 
Last edited:

lancer

There is no answer!
Political Access
Joined
7 Oct 2004
Messages
3,093
wont it show up in the event log and which user was logged on when that happened?
 

Jewelzz

OSNN Godlike Veteran
Joined
5 Mar 2002
Messages
10,980
Are you in a domain enviroment?

EDIT: I can see the only way to do it natively in Windows is to check the registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe

Hopefully, you will find the FF exe file in the MRU list underneath the users documents and settings path. And tada, you nailed them.

If you dont find it there, I can do some investigation into a monitoring software which will do the trick.
I'll check the regedit next time I find it installed. I can't install anything that isn't company approved.

see who owns the file in sharing and security.
Where's that? :s
wont it show up in the event log and which user was logged on when that happened?
Not sure where to look
whats wrong with FF? :cry:
Nothing except my employees are suppose to be working and not surfing the net AND they are not suppose to be installing any software!
 

zeke_mo

(value not set)
Staff member
Political Access
Joined
25 Aug 2004
Messages
1,994
Nothing except my employees are suppose to be working and not surfing the net AND they are not suppose to be installing any software!


Those jerks...
 

LordOfLA

Godlike!
Joined
2 Feb 2004
Messages
7,026
Where's that? :s

Right click the file/folder and chose properties, then security tab. The person that created the file will be one of the listed accounts with access authorisation.

Nothing except my employees are suppose to be working and not surfing the net AND they are not suppose to be installing any software!

Change their accounts to power user or limited user in control panel > user accounts or hire a consultant to setup a small active directory network bases on microsoft small business server 2003.
 

LeeJend

OSNN Veteran Addict
Joined
25 Jan 2003
Messages
5,291
Lord
I know what you said is true because that's the way our XP desktops at work are but I can't find the owner for folder on my machines at home.

Is there a setting I missed somewhere? I have accounts and passwords on. I did not set Windows to make accounts private. Would that be the difference?

Jewelzz
I just spent a few hours looking for a script to get the who installed info and 2000, XP, and server 2003 do not support the "owner" info in the install data so that path is a dead end. I also scanned my registry out of curiosity and only one out of 30 programs I looked at had "owner" info stored for it.

It looks like locking down the systems tighter is your best bet. You could also write a script that will scan each computer daily and list all installed software. That much I did find. Let me know if you want it. You could also write a script to remove FF on an hourly basis to annoy the culprit...

PS Thanks. This project tied in nicely with brushing up on my scripting skills which I need for work soon.
 

American Zombie

Moderator
Staff member
Political Access
Joined
23 Jun 2004
Messages
2,964
Simple way to me would be to just go into the FF folder and right click any of the files and see the created time/date. Next, go into event viewer > security and see who was logged in at that time.
 

Brad

OSNN Veteran Addict
Political Access
Joined
24 Mar 2002
Messages
2,281
Must be a joyful place to work...
 

Shamus MacNoob

OSNN Veteran Addict
Political Access
Joined
8 Jan 2002
Messages
4,199
There is a way to stop them from installing anything at all and stop them from doing many things unwanted by using group policy editor .
 

Jewelzz

OSNN Godlike Veteran
Joined
5 Mar 2002
Messages
10,980
The PC is locked as much as possible (we have a desktop group that handles that, I can't do much more), the staff do need some access as we use a monitoring tool that runs off the net and needs to be able to have a popup. I'm pretty sure I know who installed FF the last time but I was so pissed it had been installed (right after it was re-imaged) that I simply uninstalled it without looking.
 

Perris Calderon

dealer
Staff member
Political Access
Joined
24 Jan 2002
Messages
12,387
this is probably suggested before, I haven't read all the answers

anyway, search for the .exe, hit properties, go to general, it will tell you when it was last accessed, then check the logs for who was on the computer at that time
 

Cilix

OSNN Junior Addict
Joined
30 Mar 2007
Messages
29
The PC is locked as much as possible (we have a desktop group that handles that, I can't do much more), the staff do need some access as we use a monitoring tool that runs off the net and needs to be able to have a popup. I'm pretty sure I know who installed FF the last time but I was so pissed it had been installed (right after it was re-imaged) that I simply uninstalled it without looking.

You should be yelling at these people then. If they manage the workstations and they allow users free roam like that, it just opens the door for any number of different threats.
 

Jewelzz

OSNN Godlike Veteran
Joined
5 Mar 2002
Messages
10,980
Thanks for all the suggestions fellas :) If the company doesn't care I won't care either. You know my motto, "just say fu*k it" :p
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,013
Messages
673,483
Members
5,607
Latest member
jonazop