Re: Audit logons from outside local ip range

From: Tim Springston [MS] (tspring_at_online.microsoft.com)
Date: 08/31/04

• Next message: Steven L Umbach: "Re: W2K Server / XP Pro Clients / Group Policy -- LOCK TASKBAR"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 31 Aug 2004 10:57:44 -0500

Steven is correct. The only other thought I would add is the use of
EVENTCOMBMT.EXE. This tool will allow you to remotely parse events by event
IDs from only particular machines you specify (by name rather than IP
address).

Info on EVENTCOMBMT.EXE:
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/resources/documentation/windowsServ/2003/all/techref/en-us/eventcombmt.asp

How to Use the EventcombMT Utility to Search Event Logs for Account Lockouts
http://support.microsoft.com/default.aspx?scid=kb;en-us;824209&Product=winsvr2003

To download the tool for free (free is my favorite word):
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

-- 
Tim Springston
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message 
news:OJCc4HsjEHA.1040@TK2MSFTNGP10.phx.gbl...
> That can not be done within the operating system. You might be able to 
> implement a software firewall to track logon attempts from unauthorized IP 
> addresses in the firewall log. Sygate is free to try and you can install 
> it and disable the firewall function and use it just for the logging 
> capabilities. You could also use it to allow or deny traffic based on IP 
> address as you can with Ipsec filtering policy, though ipsec would not 
> give you the kind of logging you want and is more difficult to configure 
> rules unless you are using subnets for larger amount of IP addresses as 
> Ipsec policies do not accommodate IP address ranges.  --- Steve
>
>
> "Matt Landis" <matt(remove)@landiscomputer.com> wrote in message 
> news:O67LQeqjEHA.1048@tk2msftngp13.phx.gbl...
>> Hello,
>>
>> I know how to setup enabling logging successful and unsuccessful logins.
>>
>> Is there a way to only log logins if they are not inside a certain range 
>> of
>> ip addresses?
>>
>> Thanks!
>> Matt
>>
>>
>
> 

---

• Next message: Steven L Umbach: "Re: W2K Server / XP Pro Clients / Group Policy -- LOCK TASKBAR"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: IPSEC ... There is no way to do general logging with ipsec in Windows 2000. ... offer some logging such as for dropped packets. ... software firewall such as Sygate to have some logging. ... (microsoft.public.win2000.general) Re: IPSEC ... There is no way to do general logging with ipsec in Windows 2000. ... offer some logging such as for dropped packets. ... software firewall such as Sygate to have some logging. ... (microsoft.public.win2000.security) Re: IPSEC ... > software firewall such as Sygate to have some logging. ... Ipsec is not meant to be a first line internet ... One weakness of a packet filtering firewall is that due to the ... (microsoft.public.win2000.security) Re: IPSEC ... > software firewall such as Sygate to have some logging. ... Ipsec is not meant to be a first line internet ... One weakness of a packet filtering firewall is that due to the ... (microsoft.public.win2000.general) Re: Audit logons from outside local ip range ... software firewall to track logon attempts from unauthorized IP addresses in the ... function and use it just for the logging capabilities. ... or deny traffic based on IP address as you can with Ipsec filtering policy, ... > I know how to setup enabling logging successful and unsuccessful logins. ... (microsoft.public.windows.server.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)