Re: administrator sign on
From: Karl Levinson [x y], mvp (levinson_k@despammed.com)
Date: 04/20/03
- Next message: Thomas: "java"
- Previous message: Karl Levinson [x y], mvp: "Re: I dont need all this security , its way to uncompfortable"
- In reply to: rj: "Re: administrator sign on"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y], mvp" <levinson_k@despammed.com> Date: Sun, 20 Apr 2003 08:33:04 -0400
I dont' think Windows audits this by default. This would be in your Windows
Event log in the Security log, in the Computer Management MMC. First, you'd
want to enable auditing:
http://securityadmin.info/faq.htm#auditing
You don't want to enable auditing of everything... look for some
recommendations of what to audit in the above links [or if necessary, in
www.google.com or www.microsoft.com/technet/security or in the hardening
guides at www.nsa.gov ] Start by auditing every kind of failure, and then
also audit success of, say, logon events, and probably also system events,
object access, account management, account logon events. One way to get to
this information is Start, run, gpedit.msc, OK, Computer Configuration,
Windows settings, Security Settings, Local Policies, Audit Policy. Again,
the links above should tell you what you need to do better than I can.
"rj" <rob.judge@wintegra.com> wrote in message
news:01d501c306f3$c653b4e0$a401280a@phx.gbl...
> I use Windows 2k....How exactly do I bring up the security
> log you mention below? It's not real intuitive...thx for
> your answer.
>
>
>
> >-----Original Message-----
> >On Sat, 19 Apr 2003 15:48:38 -0700, "robj"
> <rob.judge@wintegra.com>
> >wrote:
> >
> >>Whne my macchine is idle, it requires me to sign on with
> a
> >>password. Note: I am not tied to a network, I work from
> >>home. I have very good reason to suspect that someone,
> in
> >>my absence, used my password and logged onto the machine
> >>and was able to access key competetive information by
> >>either reviewing web history or acessing key documents.
> >>
> >>I know the hours I was away from my machine and I know
> who
> >>may have had access.
> >>
> >>Question: Is there anyway to tell at what times my
> >>password was used to gain acess to the machine.
> Reminder,
> >>I am not NOT on a network. I feel this data is resident
> in
> >>the hard drive somewhere, I just don't know how. This is
> a
> >>matter of professional and personal integrity, and has
> >>legal non-disclosure implications. Please help. Thank you
> >>
> >>Note: The "event viewer" cannot solve this problem.
> >
> >Why not, if you're using NT or 2K (and XP I would
> assume), the
> >security log would tell you when someone signed on.
> >
> >If you're using ME, 98, or 95... you're pretty much
> SOL... you could
> >possibly look for files with a timestamp matching time
> that you were
> >away from the PC.... not sure what else could be done.
> >
> >
> >.
> >
- Next message: Thomas: "java"
- Previous message: Karl Levinson [x y], mvp: "Re: I dont need all this security , its way to uncompfortable"
- In reply to: rj: "Re: administrator sign on"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
