Re: Logging IP address when Administrator logs in

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 08/12/04 

Date: Thu, 12 Aug 2004 20:00:33 GMT

If you enable auditing of account logons in Domain Controller Security policy it will
show when a user logs onto the domain in the security log of the domain controller
that authenticated the user and if you enable auditing of logon events on domain
computers it will record a logon event in the security log of the computer that the
user logged onto. However it may show the machine name or IP address. On the lan that
should be adequate as you should be able to resolve a computer name to an IP address.
I would recommend that you create separate accounts for users that need to be domain
administrators and NOT share the password. In addition you need to give that power to
a minimum number of people you trust. Most of domain administration can be delegated
to users who are regular users and domain users can be added to the local
administrators account on domain computers they need to manage. Domain administrators
should be reserved for things like creating trusts, adding domains, tcp/ip
configuration of domain controllers, changing security policy, and such. --- Steve

http://www.microsoft.com/technet/security/guidance/secmod144.mspx -- auditing
procedures

"Elias Arends" <elias.arends@setar.aw> wrote in message
news:4d5101c48072$6aa63100$a501280a@phx.gbl...
> Hello all:
>
> We have a Win2K domain and there are several people who
> know the admin password. We need to start tracking from
> which PCs the Administrator user is logging in. Is there a
> way to log the IP address of the machine where the
> Administrator user is logging in?? If not, do you know of
> any 3rd party solutions for this? Thanks.
>
> Elias Arends

Relevant Pages

  • Re: I cant logon to my server with an Administrator .
    ... If this is a domain controller you want to make sure that administrators is in the ... Controller Security Policy. ... If this is not a domain controller, look in the Local Security Policy of the server ...
    (microsoft.public.win2000.group_policy)
  • Re: Terminal Services (Administration mode) Security
    ... the child domain is half way around the world :-) Second issue is just like ... capability when I added the group to the administrators of the local machine ... Do that in Local Security Policy for a domain member and you would ... > domain controller you may want to put in a child OU to the domain ...
    (microsoft.public.win2000.security)
  • Re: Terminal Services (Administration mode) Security
    ... users local administrators to allow then to logon locally and that could ... Do that in Local Security Policy for a domain member and you ... >> domain controller you may want to put in a child OU to the domain ...
    (microsoft.public.win2000.security)
  • User Rights Assignment
    ... security policy - your domain/IT administrators need to ... >In the User Rights Assignment subsection of the ... >(also with admin privileges), and a local profile I use ...
    (microsoft.public.windowsxp.security_admin)
  • Re: WMI remote Access denied
    ... security policy settings. ... Tools> Local Security Policy applet: ... \ASPNET, Administrators, SERVICE ...
    (microsoft.public.windowsxp.wmi)