Silent STRCPYSCN?

Ken, I think a better solution is to turn on security auditing and then audit everything done by this user profile. This will even allow you to see the names of files and other objects that are accessed by programs called by the user. What this will not do is show you the individual changes they made to files. (You get to see that the file was opened but not what was read from or written to the file.) Ed Fishel

Silent STRCPYSCN?

look into the products by Softlanding. They have some code that will allow you to look at the same screen the user is, see their joblog, see their LDA, all in real time, AND you can set it up so that the user is unaware their session is being monitored...

Silent STRCPYSCN?

I’m trying to conduct a subtle investigation in to what a certain high powered profile is being used for. A lot of the functions performed under this profile involve the 4GL LANSA which doesn’t offer easy reading when looking through the Joblog. Instead, I would like to perform a STRCPYSCN on this users profile but I really don’t want them to know this is happening. The problem is STRCPYSCN sends a break message to the workstation message queue asking for permission to begin the copy screen, subtly goes out the window. I tried coding a break handling program but either my code is duff or the STRCPYSCN message is being handled below the OS level. Has anyone come across this scenario before? How did you get round it?

Silent STRCPYSCN?

I second Ed's words. User Profile auditing has the added benefit of being asynchronous so that you don't have to "catch" anyone in the act, you can just review the logs at a later date. What's more, User Profile auditing writes it's details to the QAUDJRN, so if there is a dispute about what was (or was not) done, the journal can be referenced to get an accurate version of history. Otherwise it's your word against theirs. If you suspect someone of criminal fraud, then you should consult a security forensics expert to capture data that could be used as evidence. jte