Apr 22
Monitoring your event log
So we haven’t had a discussion on the event log yet. I figure it is about time. The event log is the quintessential defensive tool. Any access to your system gets logged to the event log. The main thing you are going to be concerned about is the security event log. Every attempted access to your system, whether it fails or succeeds, gets logged in the security event log. This can be very handy when you are concerned about your co-workers running a shutdown or using psexec on you. Checking your event log can also let you know if someone has accessed the file system remotely to copy over some piece of code they wrote.
Tomorrow I will go into detail on how you might monitor the event log in real time for particular things, but for today I remind you that OfficeDefender does just that. Any attempted logins will be displayed in the window and any attempted shutdowns will be aborted.
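
A review of the security event log for the remote access described above can be done with PowerShell's Get-WinEvent. This is an added example, not code from this post or from OfficeDefender; it assumes Windows Vista or later (event IDs 4624 and 4625), that logon auditing is enabled, and an elevated session, and the function name Get-NetworkLogonSummary is made up for illustration.

```powershell
# Added example: list network logons recorded in the Security log.
# Assumptions: Windows Vista or later (event IDs 4624/4625), logon auditing
# enabled, and an elevated PowerShell session (reading Security requires it).

function Get-NetworkLogonSummary {   # hypothetical helper name
    param(
        [int]$Hours = 24   # how far back to look
    )

    $filter = @{
        LogName   = 'Security'
        Id        = 4624, 4625   # 4624 = logon succeeded, 4625 = logon failed
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    Get-WinEvent -FilterHashtable $filter |
        ForEach-Object {
            # Turn the event's EventData name/value pairs into a lookup table.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }

            # Logon type 3 is a network logon: file shares, remote service
            # control and similar access from another machine.
            if ($data['LogonType'] -eq '3') {
                [pscustomobject]@{
                    Time        = $_.TimeCreated
                    Result      = if ($_.Id -eq 4624) { 'Success' } else { 'Failure' }
                    Account     = $data['TargetUserName']
                    Source      = $data['IpAddress']
                    Workstation = $data['WorkstationName']
                }
            }
        }
}

# Count attempts per source address, account and outcome, busiest first.
Get-NetworkLogonSummary -Hours 24 |
    Group-Object Source, Account, Result |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

If the output is empty even though you know someone connected, check that logon auditing is turned on for both success and failure, since the Security log only records what the audit policy asks for.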