Re: User activity log
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 3 Apr 2006 22:52:15 -0500
You can enable auditing of object access in Local Security Policy or the
domain level Group Policy enforcing such settings and then audit
folders/files you want to track. For instance you can audit an executable
for when a user executes the file and folders for when users have deleted
files or created files. However, auditing everything will create a tremendous
amount of entries for object access in the security log and impact computer
performance. It is best to audit only the bare number of objects, for the
bare number of permissions, for the bare number of users, avoiding
everyone/users/authenticated users groups if possible. The links below
explain more. Event Comb can help you parse security logs for needed
info. --- Steve.
http://support.microsoft.com/default.aspx?scid=kb;en-us;301640
http://www.microsoft.com/technet/security/topics/auditingandmonitoring/securitymonitoring/smpgch04.mspx
"LordShark" <TonyYug@xxxxxxxxx> wrote in message
news:1144110408.914374.237340@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi
I am using Windows Server 2003 Enterprise Edition and wondering if
there is a log file or anything that will give me information on remote
user activity (what applications ran, files copied, deleted ...) Any
help is appreciated.
Thanks
LS
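
What the narrow auditing described in the reply above can look like in PowerShell, as an added example that is not part of the original thread. It assumes PowerShell is installed on the server, the session is elevated, and "Audit object access" is already enabled in Local Security Policy or Group Policy; the paths, the group name and the function name are hypothetical.

```powershell
# Added example: attach a narrow audit entry (SACL) to one object, for one
# group, for only the rights of interest. All names below are placeholders.

function Add-NarrowAuditRule {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $Identity,
        [Parameter(Mandatory = $true)]
        [System.Security.AccessControl.FileSystemRights] $Rights,
        # 'None' for a single file; container/object inherit for a folder tree.
        [System.Security.AccessControl.InheritanceFlags] $Inherit = 'None'
    )

    # -Audit is required, otherwise the SACL is not read and would not be kept.
    $acl = Get-Acl -Path $Path -Audit

    # Success-only auditing: log the action when it actually happened.
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        $Identity, $Rights, $Inherit, 'None', 'Success')

    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# Hypothetical group holding only the remote users to be tracked, instead of
# Everyone / Users / Authenticated Users.
$group = 'EXAMPLE\RemoteStaff'

# 1) One executable: record when a member of the group runs it.
Add-NarrowAuditRule -Path 'D:\Apps\tool.exe' -Identity $group `
    -Rights 'ExecuteFile'

# 2) One folder tree: record file/folder creation and deletion only.
Add-NarrowAuditRule -Path 'D:\Shares\Projects' -Identity $group `
    -Rights 'CreateFiles, CreateDirectories, Delete, DeleteSubdirectoriesAndFiles' `
    -Inherit 'ContainerInherit, ObjectInherit'

# Review what is now audited on the folder before leaving it in place.
(Get-Acl -Path 'D:\Shares\Projects' -Audit).GetAuditRules(
    $true, $true, [System.Security.Principal.NTAccount]) |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags
```

The resulting object access entries appear in the Security log only for the listed rights and group, which keeps log volume and performance impact down.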