Do you mean like the event viewer (Source: Print): Document 2, Test Page owned by Administrator was printed on HP LaserJet 4 - File via port C:\FIRST TEST PRINT JOB 09871234. Size in bytes: 0; pages printed: 1 followed by: Document 2, Test Page owned by Administrator was deleted on HP LaserJet 4 - File. Time, computer, user, blahblahblah. Things like that perhaps? If you want to be paranoid (not sure if this works in windows) you can setup a printer pool/pair/whatever that includes a file device printer (essentially making a copy of ALL print jobs). Alternatively you can troll the filesystem for files with access times similar to the last print job. I bet it's times like this that you wished you had enabled auditing on the printer device (under security tab, advanced button). Horse. Gone. Door. Closed? Kurt Seifried, kurtat_private A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Sep 25 2002 - 03:47:43 PDT