Activity and Authentication Analyzer (AAAnalyzer) is the security, forensic software, now distributed as Beta, to implement the activity analysis, to counteract to such an analysis and to change the system settings and policies, to prohibit and to restrict the access to the stored sensitive to content data and available services
Monday, July 24, 2023
Activity and Authentication Analyzer history
version 1.64.0.10 Beta
released on 3 September 2023.
Made design-time and run-time code separation in several components
version 1.64.0.9 Beta
released on 24 July 2023.
The functions of filling with blanks or zeros of activity traces were removed from application. The application icon was renewed.
version 1.64.0.8 Beta
released on 16 April 2023.
Bug caused by optimisation in compiler was overwhelmed. Some graphic was changed for modern OS requirements. Changed the compiler from Delphi 7 to Delphi 2007
version 1.64.0.7 Beta
released on 15 March 2023.
Several bugs are defeated. Switching program performance removed as unnecessary.
version 1.64.0.6 Beta
released on 12 February 2023.
Three system policies for Windows MS Office: 2007, 2010, 2013, 2016 were added to the program
version 1.64.0.5 Beta
released on 20 January 2023.
version 1.64.0.4 Beta
released on 1 January 2023.
Several system policies for Windows Defender were added to the program.
version 1.64.0.3 Beta
released on 11 December 2022.
The main items that were added: Policies for disabling the history and synchronization in Google Chrome and Microsoft Edge.
version 1.64.0.2 Beta
released on 11 December 2022.
version 1.64.0.1 Beta
released on 3 December 2022.
version 1.64.0.0 Beta
released on 27 November 2022.
I called back from the past and decided to revive the old project - Activity and Authentication Analyzer.
Most functionality is disabled.
Download
Activity and Authentication Analyzer
Tuesday, November 29, 2022
Three system policies for Recent Documents in Windows
Removes the Documents menu from the Start menu
The Recent Items menu contains links to the nonprogram files that users have most recently opened. It appears so that users can easily reopen their documents. If you enable this setting, the system saves document shortcuts but does not display them in the Recent Items menu. If you later disable it or set it to Not Configured, the document shortcuts saved before the setting was enabled and while it was in effect appear in the Recent Items menu. Note: This setting does not prevent Windows programs from displaying shortcuts to recently opened documents. See the Do not keep history of recently opened documents setting. Also, see the Do not keep history of recently opened documents and Clear history of recently opened documents on exit policies in this folder. This setting also does not hide document shortcuts displayed in the Open dialog box.NoRecentDocsMenu
Clear history of recently opened documents on exit
If you enable this setting, the system deletes shortcuts to recently used document files when the user logs off. As a result, the Documents menu on the Start menu is always empty when the user logs on. If you disable or do not configure this setting, the system retains document shortcuts, and when a user logs on the Documents menu appears just as it did when the user logged off. Note: The system saves document shortcuts in the user profile in the System-drive\Documents and Settings\User-name\Recent folder. Also, see the Remove Documents menu from Start Menu and Do not keep history of recently opened documents policies in this folder. The system only uses this setting when neither of these related settings are selected. This setting does not clear the list of recent files that Windows programs display at the bottom of the File menu. See the Do not keep history of recently opened documents setting. This policy setting also does not hide document shortcuts displayed in the Open dialog box.ClearRecentDocsOnExit
Do not keep history of recently opened documents
Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents. If you enable this setting, the system and Windows programs do not create shortcuts to documents opened while the setting is in effect. Also, they retain but do not display existing document shortcuts. The system empties the Documents menu on the Start menu, and Windows programs do not display shortcuts at the bottom of the File menu. If you disable this setting, the system defaults are enforced. Disabling this setting has no effect on the system. Note: The system saves document shortcuts in the user profile in the System-drive\Documents and Settings\User-name\Recent folder. Also, see the Remove Documents menu from Start Menu and Clear history of recently opened documents on exit policies in this folder. If you enable this setting but do not enable the Remove Documents menu from Start Menu setting, the Documents menu appears on the Start menu, but it is empty. If you enable this setting, but then later disable it or set it to Not Configured, the document shortcuts saved before the setting was enabled reappear in the Documents menu and program File menus. This setting does not hide document shortcuts displayed in the Open dialog box.NoRecentDocsHistory
The System Registry branch for all these System Policies is the same - Software\Microsoft\Windows\CurrentVersion\Policies\Explorer on hive - HKEY_CURRENT_USER
Value Type: REG_DWORD
Value Data: 0 (also absent) or 1
As Microsoft gives in their Administrative Templates spreadsheets, all of these three system policies are applied on User-based scope, despite the fact that they could be enabled on Local-machine as well, what I found while testing my software.
Another fact, Microsoft Administrative Templates tell that these system policies act at least since Windows 2000. No, they can be applied in Windows Me, Windows NT 3.51 and Windows NT 4.0
All these system policies are realized in Activity and Authentication Analyzer
Download
Sunday, June 19, 2022
Activity and Authentication Analyzer versions history
version 1.64 (Build 113)
One new features was added in this version:
Purge backup older then... which performs self-cleaning of backup journal.
6 new Windows Logon items were added.
13 new System Policies and Settings related to the Windows Media Player were added.
2 new System Policies related to the Group Policy were added.
1 new System Policy related to the Network was added.
4 new System Policies related to the File System were added.
2 new System Policies related to the MS Outlook Express were added.
8 new System Policies and Settings related to the NVidia Video were added.
14 new System Policies related to the Windows Firewall were added.
3 new Spidersoft WebZip histories related to the Download History were added.
3 new MS Access histories were added.
2 new MS Excel XP histories were added.
3 new MS InfoPath 2003 histories were added
version 1.63 (Build 111)
Two new features were added in this version:
Opening the System Registry key in Regedit.exe which allows to launch the Windows registry editor Regedit.exe and load the key associated with the selected item in the view.
Full control over multi-string System Registry values including the separate multi-line editor.
10 Settings were adapted for use with Office XP.
7 MS Access Histories were adapted for use with Office XP.
8 MS Excel Histories were adapted for use with Office XP.
3 MS FrontPage Histories were adapted for use with Office XP.
5 MS Office Shortcut Bar Histories were adapted for use with Office XP.
10 MS PowerPoint Histories were adapted for use with Office XP.
11 MS Word Histories were adapted for use with Office XP.
2 Search Histories specific to Office XP were added.
2 Outlook Search Histories were adapted for use with Office XP.
3 Search Histories were adapted for use with Windows XP.
2 new Archives Histories specific to WinRar were added.
2 new System Policies related to the Network specific to Windows 95/98/ME were added.
version 1.62 (Build 111)
2 new Windows Histories specific to XP were added.
1 new Network History Logon Last User Name specific to Windows 95/98/ME.
4 new Archives Histories related to WinRAR and 6 new Archives Histories related to WinZip were added.
4 new Download Histories related to GetRight and 2 new Download Histories related to Teleport Pro.
3 new Miscellaneous Histories related to Adobe were added.
2 new lists of settings Applications Paths and Uninstall related to Windows Configuration were added to the Windows configuration.
2 new System Policies related to the Windows Shell were added.
3 new System Policies related to the Windows Explorer specific to Windows 2000/XP were added.
3 new System Policies related to the Add/Remove Programs specific to Windows 2000/XP were added.
1 new System Policy related to the Desktop was added.
4 new System Policies related to the Group Policy specific to Windows 2000/XP were added.
10 new System Policies related to the Log On\Off were added.
2 new System Policies related to the Network specific to Windows 2000/XP were added.
17 new System Policies related to the Network and Dial-Up Connections specific to Windows 2000/XP were added.
4 new System Policies related to the Passwords were added.
3 new System Policies related to the Printers specific to Windows 2000/XP were added.
4 new System Policies related to the Offline Files specific to Windows 2000/XP were added.
10 new System Policies related to the System were added.
7 new System Policies related to the Task Scheduler were added.
version 1.61 (Build 110)
3 new Histories specific to MS Netmeeting were added.
2 new Histories specific MS Windows Media Player were added.
Two Run sections for automatic applications startup in System Registry specific to Windows Setup or Add/Remove Programs Wizard were added.
One new StartUp group related to the Windows Logon StartUp with 4 new sections was added.
2 new system policies related to the Recycle Bin specific to System were added.
2 new settings: Enable MS Excel Macro Virus Protection and Hide MS Excel Recent Files List specific to MS Excel were added.
1 system policy specific to Internet Explorer 5.5 or higher Menu was added.
The main feature added in this version is Empty Recycle Bin while Deleting All Histories.
version 1.60 (Build 109)
Three new setting: Correct registry key UTC time to Local Time, Clear Document shortcuts on Start Menu while Deleting All Histories and Clear All Histories on Exit were added.
2 options allow to Open File (Launch Application) or Open Containing Folder were added.
3 ini-files keys corresponding to the Windows startup routines which can launch the applications were added.
11 double system policies specific to Windows Start Menu were revised to get possibly applied either on Computer or User basis.
11 system policies specific to Add/Remove Programs were revised to use with Microsoft Installer version 2.0.
1 new system setting specific to Windows Start Menu for Windows 9.x was added.
1 new recent files history specific to MS Windows Media Player was added.
version 1.55
8 Histories specific to MS FrontPage were added.
101 double system policies were revised to get possibly applied either on Computer or User basis.
The character of limitations in unregistered version are changed.
Now, there is no forbidden (not available) operation. Modification, filing, deletion and system policy change are limited up to ten times per seance.
version 1.50
The adaptation of the System Policies to the Internet Explorer 6.0 was made.
23 System Policies and Settings specific to Internet Explorer toolbar customizing were added.
27 System Policies specific to MS Netmeeting were added.
4 System Policies specific to MSN Instant Messenger 4.x were added.
3 System Policies specific to Internet Explorer menu customizing were added.
1 System Policy specific to Internet Explorer 6.0 Control Panel customizing was added.
3 System Policies specific to Windows NT/2000/XP Log On\Off sequence were added.
6 System Policies and Settings specific to Windows StartUp were added.
2 System Policies specific to Windows NT/2000/XP Network were added.
2 System Policies specific to Windows NT Network were added.
6 System Policies and Settings specific to the Windows Shell were added.
5 Settings specific to the MS Office 2000 were added.
5 Authentication entries specific to Internet Explorer were added.
1 History specific to Internet Explorer for the Network histories was added.
version 1.40
The main feature in this version is thorough adaptation to the MS Windows ME.
The adaptation to the Windows XP was made.
4 Histories lists specific to MS Windows ME/2000/XP Network were added.
5 Histories lists specific to MS Windows ME/2000/XP were added.
2 Shell Folders: My Music and My Video were added to the Windows configuration.
2 Parameters: Hardware IDentification Number and Microsoft IDentification Number were added to the Windows Authentication.
2 System Folders: Other Devices Directory and Multimedia Configuration Directory were added to the Windows configuration.
2 System Policies specific to Explorer Processes management were added.
3 System Settings specific to Explorer auto-completion mode were added.
7 System Settings for the Start Menu specific to MS Windows ME/2000/XP were added.
1 System Setting for the Network specific to MS Windows ME/2000/XP was added.
1 System Policy for the Network specific to MS Windows 2000/XP was added.
5 System Policies for the Start Menu specific to MS Windows XP were added.
1 System Policy for the Windows Shell specific to MS Windows ME/2000/XP was added.
3 System Policies for the Windows Shell specific to MS Windows 2000/XP were added.
4 System Policies for the Windows Shell specific to MS Windows XP were added.
1 System Policy for the Start Menu specific to MS Windows 2000/XP was added.
version 1.30
New substantial feature which allows to Clear, Fill with blanks or Undo either All or in selected histories with one menu-click is realized in this version.
New feature which allows to save into single HTML-file the detailed Reports on the Histories, Windows Authentication and Policies states.
1 System policy related to Windows NT/2000 Network was added.
version 1.20
3 Histories lists specific to MS Windows ME/2000/XP Search history were added.
1 History list specific to MS Word 2000 was added.
1 History list specific to MS PowerPoint 2000 was added.
3 Histories lists specific to Telnet were added.
2 System policies related to Add/Remove programs specific to Windows 2000 were added.
8 System policies related to Windows System settings were added.
Some changes were made to the program interface.
version 1.10
The main feature added in this version is the Policies Profile set replication by loading/ saving to the log-file.
The usage of the wildcards in Find Criteria for the Registry scan was added.
The dialog for the Find Criteria in the Registry scanning suffered cardinal change.
The dialog for the Filter Criteria selection in the Journal was added.
version 1.08
The main feature added in this version is last registry key change time.
Under Windows 2000 this feature allows to retrack not only what was made but when!
6 System Policies specific to MS Windows 2000 were added.
The list of local shared file resources in Windows 9.x was added.
version 1.07
In this version more than 45 new histories specific to MS Office showing activity tracks were added.
10 Histories lists specific to MS Access 2000 were added.
8 Histories lists specific to MS Access 97 were added.
8 Histories lists specific to MS Office Tools 2000 were added.
7 Histories lists specific to MS Office Tools 97 were added.
4 Histories lists specific to MS Binder 2000 were added.
8 Histories lists specific to MS Binder 97 were added.
The option allowing to disable System Policy by deleting System Registry key was added.
The option allows showing the location (whether in HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER hive) System Registry key corresponding to System Policy was added.
version 1.06
In this version more than 43 new histories showing activity tracks were added.
7 Histories lists specific to MS FrontPage 2000 were added.
14 Histories lists specific to MS PowerPoint 2000 were added.
13 Histories lists specific to MS Word 2000 were added.
8 Histories lists specific to MS Excel 2000 and 1 history list specific to MS Excel 7.0/97 were added.
version 1.05
In this version more than 50 new histories showing activity tracks were added.
25 Histories lists specific to MS Word 7.0/97, 2 histories list specific to MS Word 7.0, 2 histories' list specific to MS Word 97 were added
8 Histories lists specific to MS Excel 7.0/97 and 2 histories lists specific to MS Excel 97 were added.
9 Histories lists specific to MS PowerPoint 7.0/97 and 2 histories lists specific to MS PowerPoint 7.0 were added.
The Network Histories lists: Persistent Network Connections specific to Windows NT/2000 were added.
version 1.04
The Network Histories lists: Recent and Persistent Network Connections specific to Windows 9.X/NT, Recent Nethood Connections, Recent Network Mapped Drives specific to Windows 2000/XP were added.
Some bugs were fixed.
version 1.03
Six Run sections for automatic applications startup in System Registry specific to Windows NT/2000/XP were added.
Two Run sections for automatic applications startup in System Registry specific to Windows ME/2000/XP were added.
The System Policies related to Add\Removes Programs specific to Windows 2000/XP were added.
version 1.02
In this version the System policies related to Microsoft Office 2000 were added.
The Recent Files Lists for the Access, Excel, PowerPoint, Outlook Find History of the Microsoft Office (versions 7.0, 97, 2000) were added.
The Internet Explorer System Policies were separated into four parts for the sake of users convenience.
version 1.01
In this version history lists were added which take into account some of the Windows ME/2000/XP particularities of Recent documents tracks.
The items multi-selection option was added.
Some bugs were fixed.
version 1.0 Commercial Release
The Help file was added in this version.
The item Tips were added in this version.
version 1.0 Beta 3
In this version AAAnalyzer has functionality allows not to block activity analysis but to see Windows and Explorer histories, what can be called user's activity tracks see authenticity information entered during installation.
The system restrictions (policies) list was significantly expanded.
The separate chapter included restrictions for Internet Explorer.
The Item "Windows" accessible in this version includes:
1. The first "History" item includes some list of user's work tracks.
This chapter will be subject of serious work and addition in future AAAnalyzer versions.
2. "Install", "Shell", "System" folders locations which show Windows configuration, locations of principal files and Page "Windows "with information fits for authenticity.
version 1.0 Beta 2
First features were added to block the possibility of the very activity analysis - system policies management. (Sometimes these policies are called "restrictions")
Proper these policies knowledge and usage can effectively stop analysis and close many gaps.
Now, every item or in "System Policy", either in "Windows" has detailed description appeared after item selection in bottom-located Tip-window.
It is recommended to read these tips to ascertain the essence and necessity of actions being performed over Windows internal settings.
version 1.0 Beta 1 (Build 1.0.1.5)
Three separate dialogs boxes for system registry key value convenient modification were added in this build:
- first editor for numeric values in three formats: bin, decimal, hex,
- second multiline editor for string values,
- third hex/symbol editor for hex values.
version 1.0 Beta 1
AAAnalyzer version 1.0 made available for download.
Activity and Authentication Analyzer history
"Activity and Authentication Analyzer" takes into account what system policies and what histories of user activity are inherent in...