RE: Sniffer information to track LSASS activity.
From: Bill-MT (BillMT_at_discussions.microsoft.com)
Date: 04/11/05
- Previous message: Roger Abell: "Re: Establish auditing for 600 users"
- In reply to: Bill-MT: "Sniffer information to track LSASS activity."
- Next in thread: Ezra Herman: "Re: Sniffer information to track LSASS activity."
- Reply: Ezra Herman: "Re: Sniffer information to track LSASS activity."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 10 Apr 2005 19:37:02 -0700
First, Thanks to all of you for responding.
Per your recommendations I have done the following.
- Enabled specific auditing of failures for certain events on the DC in
question.
- Downloaded and tried both Process Explorer and TcpView.
- -Examined/modified my capture filter by selecting on specific MS TCP/UDP
ports.
Yesterday (Saturday) I rebooted the DC in question. So far (Sunday night)
more than 24hours later the unusual CPU activity associated with this event
has not re-occurred (which tells me that this event is not caused by any
systems normally running on the weekend (i.e. the 24x7 systems) so I have not
been able to use any of your advice yet.
Although at this point I have nothing to report per your recommendations
above, I do have an one additional question at this time. Per the response I
got to my original posting on this issue, do any of you believe it is good
practice to install Anti Virus software on a Domain Controller. And if yes,
are there any caveats to doing so.
Thanks again for your suggestions. - bill
- Previous message: Roger Abell: "Re: Establish auditing for 600 users"
- In reply to: Bill-MT: "Sniffer information to track LSASS activity."
- Next in thread: Ezra Herman: "Re: Sniffer information to track LSASS activity."
- Reply: Ezra Herman: "Re: Sniffer information to track LSASS activity."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
