Printer history - where can I find out what documents have been printed from my pc?

  • Thread starter Thread starter Marjorie Proops
  • Start date Start date

Marjorie Proops

Guest
Hi chaps,

I suspect a security breach on one of our pc's and a quick look at the event log raises my suspicions further. How can I check which documents have been printed and when?
Cheeers chappies :thumb2
 
Hey Marj.

This may help or maybe not.:nenau



To show your most recently used documents on the Start menu
Right-click the Start button, and then click Properties.
On the Start Menu tab, click Start menu, and then click Customize.
On the Advanced tab, select the List my most recently opened documents check box.
The next time you click Start, the My Recent Documents folder is on the Start menu. This folder contains the documents and files you opened recently.

Note

On the Advanced tab, click Clear List to empty the My Recent Documents folder. This does not delete the documents from the computer.
Related Topics

I got the above script from entering "printer history" in Help and support from windows.

open "MY COMPUTER" along the top left are ,,file ,,edit,,,view,,favorites,,,tools,,,HELP.

Click on help and type in printer history (as I did)

May help in future if not now,

Pat
 
Cheers Pat,

That works on my computor, I will need to go over to the suspect pc and see if I can match the recent documents to the suspected security breach times.

Thanks again :thumb2
 
Hi Marj,

No problem hope you get all sorted out.

I read "documents" to mean printed matter.. I suppose it can't be anything else can it.:nenau

Pat
 
If "audit" option is on check "event viewer" (control panel\admin tools).
If you have server check "event viewer" there too.

Assuming that you are talking about WinXP Pro, Win 2k Server or Win2k3 server.

List of recently used docs doesn't mean that user actually sent doc to print.

There are several options/solutions for such things... i hope it is not too late...



Taken from windows help file:

Audit object access

Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy

Description
Determines whether to audit the event of a user accessing an object—for example, a file, folder, registry key, printer, and so forth—that has its own system access control list (SACL) specified.

If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when a user successfully accesses an object that has a SACL specified. Failure audits generate an audit entry when a user unsuccessfully attempts to access an object that has a SACL specified. To set this value to no auditing, in the Properties dialog box for this policy setting, select the Define these policy settings check box and clear the Success and Failure check boxes.

Note that you can set a SACL on a file system object using the Security tab in that object's Properties dialog box.
 
Thanks for all the help guys. :thumb2

(The individual concerned no longer works for us)
 
'Need to know' basis unfortunately chaps (I know and you don't need to :P:D)

Actually it was access to medical records and business information - no real use to anyone, no real damage, just mildly embarrassing and and a complete loss of trust.
 
Nippy Normans supply Touratech, Wunderlich, Desert Fox and many other makes of accessories.
You must log in or register to reply here.

Similar threads

Big Lee
How do I find out what programs run when I start up my `puter?
Replies
16
Views
2,015
Banger
Banger


Back
Top Bottom