First, you can't delete the administrator account.

Second, if you want to audit NT/W2K, you need to enable security logging
either in User Manager or the Local Security policy. These events will all
be logged to the Security Event Log.

Third, to look up the meaning of the rather cryptic security messages, I
suggest you get a copy of TechNet. There are a number of Q articles and
whitepapers that define the meaning of the various security messages.

Fourth, I'm not sure that this has anything to do with firewalls per se, so
you might want to ask on an NT mailing list or newsgroup.

HTH

Wes Noonan, MCSE/MCT/CCNA/NNCSS
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
[EMAIL PROTECTED]
http://www.bmc.com
-----Original Message-----
From: Li, John [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 08, 2001 10:24
To: '[EMAIL PROTECTED]'
Subject: How can I know who deleted the administrator account?

Hello all,

I am new to auditing Windows NT. Can you tell me how to investigate Windows NT
to know those abnormal things? Is there any document about decoding NT event
information? Thanks.

John Li
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]