Can you see who installed a program?

Cilix

OSNN Junior Addict
#2
Are you in a domain enviroment?

EDIT: I can see the only way to do it natively in Windows is to check the registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe

Hopefully, you will find the FF exe file in the MRU list underneath the users documents and settings path. And tada, you nailed them.

If you dont find it there, I can do some investigation into a monitoring software which will do the trick.
 
Last edited:

Jewelzz

OSNN Godlike Veteran
#6
Are you in a domain enviroment?

EDIT: I can see the only way to do it natively in Windows is to check the registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe

Hopefully, you will find the FF exe file in the MRU list underneath the users documents and settings path. And tada, you nailed them.

If you dont find it there, I can do some investigation into a monitoring software which will do the trick.
I'll check the regedit next time I find it installed. I can't install anything that isn't company approved.

see who owns the file in sharing and security.
Where's that? :s
wont it show up in the event log and which user was logged on when that happened?
Not sure where to look
whats wrong with FF? :cry:
Nothing except my employees are suppose to be working and not surfing the net AND they are not suppose to be installing any software!
 
#8
Right click the file/folder and chose properties, then security tab. The person that created the file will be one of the listed accounts with access authorisation.

Nothing except my employees are suppose to be working and not surfing the net AND they are not suppose to be installing any software!
Change their accounts to power user or limited user in control panel > user accounts or hire a consultant to setup a small active directory network bases on microsoft small business server 2003.
 

LeeJend

OSNN Veteran Addict
#9
Lord
I know what you said is true because that's the way our XP desktops at work are but I can't find the owner for folder on my machines at home.

Is there a setting I missed somewhere? I have accounts and passwords on. I did not set Windows to make accounts private. Would that be the difference?

Jewelzz
I just spent a few hours looking for a script to get the who installed info and 2000, XP, and server 2003 do not support the "owner" info in the install data so that path is a dead end. I also scanned my registry out of curiosity and only one out of 30 programs I looked at had "owner" info stored for it.

It looks like locking down the systems tighter is your best bet. You could also write a script that will scan each computer daily and list all installed software. That much I did find. Let me know if you want it. You could also write a script to remove FF on an hourly basis to annoy the culprit...

PS Thanks. This project tied in nicely with brushing up on my scripting skills which I need for work soon.
 

American Zombie

Administrator
Staff member
Political User
#10
Simple way to me would be to just go into the FF folder and right click any of the files and see the created time/date. Next, go into event viewer > security and see who was logged in at that time.
 

Jewelzz

OSNN Godlike Veteran
#13
The PC is locked as much as possible (we have a desktop group that handles that, I can't do much more), the staff do need some access as we use a monitoring tool that runs off the net and needs to be able to have a popup. I'm pretty sure I know who installed FF the last time but I was so pissed it had been installed (right after it was re-imaged) that I simply uninstalled it without looking.
 

Perris Calderon

Administrator
Staff member
Political User
#15
this is probably suggested before, I haven't read all the answers

anyway, search for the .exe, hit properties, go to general, it will tell you when it was last accessed, then check the logs for who was on the computer at that time
 

Cilix

OSNN Junior Addict
#16
The PC is locked as much as possible (we have a desktop group that handles that, I can't do much more), the staff do need some access as we use a monitoring tool that runs off the net and needs to be able to have a popup. I'm pretty sure I know who installed FF the last time but I was so pissed it had been installed (right after it was re-imaged) that I simply uninstalled it without looking.
You should be yelling at these people then. If they manage the workstations and they allow users free roam like that, it just opens the door for any number of different threats.
 

Jewelzz

OSNN Godlike Veteran
#17
Thanks for all the suggestions fellas :) If the company doesn't care I won't care either. You know my motto, "just say fu*k it" :p
 

Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there https://tinyurl.com/ycpxl
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,971
Messages
673,299
Members
89,016
Latest member
Poseeut