RE: finding who has logged in on Win2k Pro
From: CHRIS GRABENSTEIN (LFGRABC_at_LF.VCCS.EDU)
Date: 07/23/03
- Previous message: Alvaro Gordon-Escobar: "Cisco Workaround"
- Maybe in reply to: Jose Guevarra: "finding who has logged in on Win2k Pro"
- Next in thread: thalm: "RE: finding who has logged in on Win2k Pro"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 23 Jul 2003 08:25:31 -0400 To: <security-basics@securityfocus.com>
I'm not sure how reliable this is, but I generally check the modified date on
ntuser.dat under each profile directory. This would only work with local
profiles I believe and could be circumvented if the user is so motivated.
Does anyone know of problems with this method assuming the user isn't overly
malicious?
|-----Original Message-----
|From: Jose Guevarra [mailto:jose@iquest.ucsb.edu]
|Sent: Tuesday, July 22, 2003 2:03 PM
|To: security-basics@securityfocus.com
|Subject: finding who has logged in on Win2k Pro
|
|
|Hi,
|
| We have possibly had some type of incident at our work place.
|I'd like to
|know if it is possible to check and see the "User Login"
|history on a Win2K
|pro machine. Is this history log enabled by default? What are
|some other
|ways?
|
|thanx,
|
|-Jose G.-
|
|
|---------------------------------------------------------------
|------------
|---------------------------------------------------------------
|-------------
|
|
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Alvaro Gordon-Escobar: "Cisco Workaround"
- Maybe in reply to: Jose Guevarra: "finding who has logged in on Win2k Pro"
- Next in thread: thalm: "RE: finding who has logged in on Win2k Pro"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
