Re: Netwatcher

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 12/23/03


Date: Mon, 22 Dec 2003 23:48:16 GMT

I can't remember exactly what netwatcher does, but in W2K you can monitor active
sessions via Computer Management/shared folders/sessions. You can also enable
auditing of logon events for success and failure to see who is accessing or trying to
access your computer in the Event Viewer/security log. It is also possible to audit
access to folders/files after enabling auditing of object access, but the events in
the log are not very user-friendly and there will be a lot of them [probably
thousands].

http://support.microsoft.com/default.aspx?scid=KB;en-us;q300958
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640

Having said that, there are things you can do to protect yourself. Make sure your
NTFS permissions are hardened. For instance, in a default installation the Everyone
and Users groups may have excessive permissions on the root/drive folder. If they do
not need that much access, reduce them to read/list/execute and make sure that
permissions are correct on the folder for your personal files, being sure to check
advanced permissions. First, I would see the KB link below on how to reset W2K NTFS
permissions to default defined permissions, which you may want to do. Use a complex
password, protect it, and change it periodically. Never use your password on an
untrusted machine where someone may have installed a keyboard logger. If they are
taking over your computer, then they have administrator access. Check the membership
of the local administrator and power users group to see if it is what you expect and
change your administrator passwords now. You can also restrict access to your
computer over the network by modifying the "access this computer from the network"
user right assignment in Local Security Policy/security settings/local policies/user
rights. If you are referring to a domain controller, then you cannot restrict that
user right or users cannot log on to the domain. If you do not need to access or
offer shares or Computer Management remotely, then you could also disable file and
print sharing on your machine. IPsec filtering can also be used to deny/allow access
to a computer in a fashion similar to a firewall by managing IP addresses, ports, and
protocols. --- Steve

http://support.microsoft.com/?kbid=266118

"danbug" <netwatch@danbug.com> wrote in message
news:020b01c3c8cf$987b51b0$a401280a@phx.gbl...
> I am looking for something in Win2k that will allow me to
> monitor network access the way Netwatcher does in Win95/98.
>
> I have a class full of students that are using hacker
> tools to gain access to my files and control my system. I
> need a way to find out which machine is doing this.
>
> TIA,
> danbug
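
The logon auditing suggested in the reply can answer the "which machine" question once the Security log is exported to text. The Python below is an added example, not part of the original thread: it tallies network logons per workstation, using the Windows 2000 event IDs 529 and 540. The column layout, sample rows and machine names are constructed assumptions to adapt to your own export.

```python
import csv
import io
import re
from collections import defaultdict

# Windows 2000 Security log event IDs written when "Audit logon events" is on.
NETWORK_LOGON_OK = "540"  # successful network logon
LOGON_FAILED = "529"      # logon failure: unknown user name or bad password

# Constructed sample export. Assumed columns: date,time,type,event_id,description.
SAMPLE = '''\
12/22/2003,09:14:02,Failure Audit,529,"Logon Failure: Reason: Unknown user name or bad password User Name: Administrator Domain: LAB Logon Type: 3 Workstation Name: LAB-PC07"
12/22/2003,09:14:05,Failure Audit,529,"Logon Failure: Reason: Unknown user name or bad password User Name: Administrator Domain: LAB Logon Type: 3 Workstation Name: LAB-PC07"
12/22/2003,09:14:09,Failure Audit,529,"Logon Failure: Reason: Unknown user name or bad password User Name: Administrator Domain: LAB Logon Type: 3 Workstation Name: lab-pc07"
12/22/2003,09:15:40,Success Audit,540,"Successful Network Logon: User Name: Administrator Domain: LAB Logon Type: 3 Workstation Name: LAB-PC07"
12/22/2003,09:20:11,Failure Audit,529,"Logon Failure: Reason: Unknown user name or bad password User Name: teacher Domain: LAB Logon Type: 2 Workstation Name: TEACHER-PC"
12/22/2003,09:31:57,Failure Audit,529,"Logon Failure: Reason: Unknown user name or bad password User Name: teacher Domain: LAB Logon Type: 3 Workstation Name: LAB-PC03"
'''

FIELD = re.compile(r"(User Name|Logon Type|Workstation Name):\s*(\S+)")

def summarize(export_text):
    """Return {workstation: {"failed": n, "ok": n, "users": set}} for network logons."""
    stats = defaultdict(lambda: {"failed": 0, "ok": 0, "users": set()})
    for row in csv.reader(io.StringIO(export_text)):
        if len(row) < 5 or row[3] not in (NETWORK_LOGON_OK, LOGON_FAILED):
            continue
        fields = dict(FIELD.findall(row[4]))
        if fields.get("Logon Type") != "3":  # 3 = network logon; skip console attempts
            continue
        # Normalise case so LAB-PC07 and lab-pc07 count as one machine.
        ws = fields.get("Workstation Name", "(unknown)").upper()
        entry = stats[ws]
        entry["failed" if row[3] == LOGON_FAILED else "ok"] += 1
        entry["users"].add(fields.get("User Name", "?"))
    return dict(stats)

def suspects(stats, min_failures=3):
    """List (workstation, failures, later_succeeded), most failures first."""
    hits = [(ws, s["failed"], s["ok"] > 0)
            for ws, s in stats.items() if s["failed"] >= min_failures]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    for ws, failed, got_in in suspects(summarize(SAMPLE)):
        print(f"{ws}: {failed} failed network logons, succeeded afterwards: {got_in}")
```

The Workstation Name field is reported by the connecting client, so treat a hit as a lead to confirm on the machine itself rather than as proof.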


