Have you considered using Firewall Builder? I've used it before to configure iptables and it works quite well.

Here's something that can be fixed. The word I circled should be "you're".

Hi @Ambarishrh,

I work for SpectorSoft and would be happy to answer any questions that you have about Spector 360 (including Recon) or Spector CNE.

Looking over your requirements, you should be able to monitor most of what you are wanting to with Spector 360. The one thing I don't think we will be able to help you with will be the email attachments on Webmail as we currently do not Record (monitor) those. Everything else looks like it would be a good fit.

As far as for file server activity, we record (again, monitor) everything from the perspective of the client computer. We call it Document Tracking and it can record what files are created, deleted, edited or renamed on local storage, network storage, removable and cloud storage. We currently support OneDrive, Google Drive and Dropbox.

As far as being able to go back and review video, we record screenshots of the users' computers. By default, these screenshots are recorded every thirty seconds and in a grayscale format. Grayscale works very nicely and is a great tradeoff between clarity and space required to store them. It looks similar to an old black and white television. However, you can change them to be full color if you prefer. You can also change the interval at which they are taken and add other "events" that would trigger additional pictures to be taken. For example, the presence of certain key words or phrases, specific keys pressed, web pages loaded, program started, etc.

Again, if you have any questions, please let me know and I'd be happy to help. There is both an evaluation and an online "test drive" for Spector 360 available here.

@scottalanmiller said:

No amount of IT experience prepares you to be a developer. It's a different job, a different range of skills.

True that. You'll also run into many developers who can't do simple things like install software or configure IP settings on their computer, etc. Two very different fields.

@Dashrender According to Mark Cuban, it means that QVC can't be on Comcast any more. The logic escapes me so far.

@Dashrender - You generally rely on one or the other. I don't know that it will use both root hints and forwarders.

You do get slightly better performance out of forwarders, but we're talking about miliseconds. Also, if you have multiple DNS servers, you should remember that forwarders are not stored in Active Directory. You would need to configure your forwarders on each of your DNS servers independently.

Root Hints tend to provide more redundancy. While you only see thirteen of them in the list, many of them are distributed geographically and provide their own type of fault tolerance. I believe there are 457 active root DNS servers right now.

The difference in performance is so small that it's really only a matter of preference. You'll get the same result with either. The only real difference is that when you are using Root Hints, you'll perform a series of iterative queries and expect referrals until you get the authoritative server for the domain you're interested in. When you use a forwarder, you're sending a single recursive query to the forwarder and letting that DNS server handle all of the iterative queries and return you the final answer.

Personal preference. I go with the one that requires less configuration and provides more reliability, even if it's at the expense of a few miliseconds on the response time.

At a hospital I used to work for we had done something similar. We both hid and restricted access to the drive in Explorer through Group Policy. The users' desktops, favorites and documents folders were all redirected to network locations.

All that being said, it is a lot of work to make something like this functional. Lots of testing. Users still had to have access to create files in certain locations on the local drive, they just didn't know they were doing it and couldn't really do it intentionally.

The key takeaway here is to do lots and lots of testing. It took us quite a while to work out every little kink so that every user in every department with every different job role could do whatever they needed to without trouble and on any computer.

Edit: In case I forgot to mention it, you would have to test this a LOT! While you don't want the users to save information to the local drive, applications often do need to and you'll want to ensure that they can in order to function properly. All that being said, if and once you get something like this in place and worked out, and done right, any user will be able to walk up to any computer, log on, and do the same work that they would be able to do on any other computer in the place. And if anything goes wrong, you simply pull the computer, put in a different one and off to the races they go. You then repair the computer you pulled and give it to the next random person that needs one. It is quite awesome and reduces help desk calls enormously.

Edit 2: Did I mention that you have to test this a lot?

@thecreativeone91 said:
...if each is unique (ex: \fs-01\users$%username%) you can redirect...

Do people still hide the user home directories share or did you mean to type a backslash where you typed the dollar sign? It's actually been a really long time since I've seen anyone use a hidden share that wasn't one of the automatically generated administrative shares.

@thanksaj said:

Windows is unstable in many ways because it doesn't do things like Linux. The registry? ICK!

I know it used to, and I believe Windows still tries to load the entire registry into memory. I know it makes access to it almost instant, and with so much memory nowadays it probably doesn't make the difference it used to, but why load so many configurations into memory for applications you aren't even running???

@scottalanmiller said:

Your senior just "asked you to develop software?" How does he expect you to do that? What if he asked you to write a song or build a car?

Have you hear some of the pop music these days? Writing a song actually shouldn't be that hard.

Hi @Ambarishrh,

I work for SpectorSoft and would be happy to answer any questions that you have about Spector 360 (including Recon) or Spector CNE.

Looking over your requirements, you should be able to monitor most of what you are wanting to with Spector 360. The one thing I don't think we will be able to help you with will be the email attachments on Webmail as we currently do not Record (monitor) those. Everything else looks like it would be a good fit.

As far as for file server activity, we record (again, monitor) everything from the perspective of the client computer. We call it Document Tracking and it can record what files are created, deleted, edited or renamed on local storage, network storage, removable and cloud storage. We currently support OneDrive, Google Drive and Dropbox.

As far as being able to go back and review video, we record screenshots of the users' computers. By default, these screenshots are recorded every thirty seconds and in a grayscale format. Grayscale works very nicely and is a great tradeoff between clarity and space required to store them. It looks similar to an old black and white television. However, you can change them to be full color if you prefer. You can also change the interval at which they are taken and add other "events" that would trigger additional pictures to be taken. For example, the presence of certain key words or phrases, specific keys pressed, web pages loaded, program started, etc.

Again, if you have any questions, please let me know and I'd be happy to help. There is both an evaluation and an online "test drive" for Spector 360 available here.

I'm a heavy Adobe Audition user, but I use an older version that I think is much better and I am dreading the day that I might have to go to the CC version.

@scottalanmiller said:

No amount of IT experience prepares you to be a developer. It's a different job, a different range of skills.

True that. You'll also run into many developers who can't do simple things like install software or configure IP settings on their computer, etc. Two very different fields.

@scottalanmiller said:

Your senior just "asked you to develop software?" How does he expect you to do that? What if he asked you to write a song or build a car?

Have you hear some of the pop music these days? Writing a song actually shouldn't be that hard.

@Dashrender said:

The problem with comparing current Cable to Internet is that the bit for your cable service are NOT coming to you over the internet.

Agreed. Which is where the buffoon completely lost me.

@Dashrender said:

That connection is not an internet connection, so who in their right mind would think that this private connection would be regulated by these new laws?

Mark Cuban.

@thanksaj said:

Windows is unstable in many ways because it doesn't do things like Linux. The registry? ICK!

I know it used to, and I believe Windows still tries to load the entire registry into memory. I know it makes access to it almost instant, and with so much memory nowadays it probably doesn't make the difference it used to, but why load so many configurations into memory for applications you aren't even running???

@thecreativeone91 said:
...if each is unique (ex: \fs-01\users$%username%) you can redirect...

Do people still hide the user home directories share or did you mean to type a backslash where you typed the dollar sign? It's actually been a really long time since I've seen anyone use a hidden share that wasn't one of the automatically generated administrative shares.

At a hospital I used to work for we had done something similar. We both hid and restricted access to the drive in Explorer through Group Policy. The users' desktops, favorites and documents folders were all redirected to network locations.

All that being said, it is a lot of work to make something like this functional. Lots of testing. Users still had to have access to create files in certain locations on the local drive, they just didn't know they were doing it and couldn't really do it intentionally.

The key takeaway here is to do lots and lots of testing. It took us quite a while to work out every little kink so that every user in every department with every different job role could do whatever they needed to without trouble and on any computer.

Edit: In case I forgot to mention it, you would have to test this a LOT! While you don't want the users to save information to the local drive, applications often do need to and you'll want to ensure that they can in order to function properly. All that being said, if and once you get something like this in place and worked out, and done right, any user will be able to walk up to any computer, log on, and do the same work that they would be able to do on any other computer in the place. And if anything goes wrong, you simply pull the computer, put in a different one and off to the races they go. You then repair the computer you pulled and give it to the next random person that needs one. It is quite awesome and reduces help desk calls enormously.

Edit 2: Did I mention that you have to test this a lot?

If I understood the goober's logic right, it went something like this...

Net Neutrality is based on the idea that all bits are created equally and should be treated equally.

He then says that television transmissions across cable are bits just like the Internet is.

Companies can't pay for a "fast lane" or "paid prioritization" on the Internet under these new regulations. Therefore, the same should apply to cable television. QVC actually pays the cable provider to carry their channel. And, since it's using up bits that it wouldn't be using up had QVC not paid for it, then it would not be allowed.

He goes into it at 4:58 in the video. I feel stupider just watching him. Maybe I should bow out and quit trying to understand what he's even trying to say. I think Net Neutrality is a good thing, of course.

A tweet from Mark Cuban: https://twitter.com/mcuban/status/570957428226809857

I agree with @scottalanmiller, it would be great if the FCC could make him go away.

@scottalanmiller said:

Ah, you are misreading this. I read this and the only bit I got was "Mark Cuban is a moron and doesn't know the difference between a LAN and the Internet and should stop talking."

I actually didn't read anything. I just watched the video and listened to the dummy talk.