Save eventvwr for several months, just in case
From: Marlon Brown (marlon_brownj_at_hotmail.com)
Date: 06/28/03
Date: Sat, 28 Jun 2003 00:32:58 -0700
My boss requested a domain admin account for some contractors that are
working on a long-term project. I am not confident in their skills and I
would like to have eventvwr saved for several months, just in case I need to
investigate who did what in the AD & Win2K system.

I have audit enabled following best practices from www.microsoft.com.

My question is regarding saving eventvwr logs. Basically I am using a WMI
script that is able to back up eventvwr on a daily basis. The problem is, at
this point I am not sure from which server I should back up the event logs.
I have a total of 6 DCs.

What I am most concerned about is abuse of privilege, such as consultants
using that account to grant rights to somebody or deleting objects in AD.

If I save the event logs from the PDC Emulator, would that be a solid record?