Hi,
I'm using nessus 2.0.5 on debian linux, and would like to be able to do
the following.
I'd like to be able to monitor a group of windows 2000 server
periodically - every 5 mins - scanning them to determine if there are
any admins logged in. It would also be good to get the current
server/domain users in the administrator group and report any changes
to this via e-mail.
At the moment I have inserted a user/pass into the smb section of the
nessus client and when I scan the server I usually get a list of
accessible shares, but nothing in the way of users in the
administrators group or indeed admin users currently logged in. (Other
windows security vulnerabilities are flagged).
My question is this. Is it possible (how?) does one scan for admins
logged in/when last logged in. And get the subsequent alert e-mailed?
I've seen windows scanners which report admin users on the domain, time
of last login and password change etc. All without a valid domain
password. Can nessus do this and then report it asap?
Any ideas?
Many thanks,
James
- Re: Windows 2000 administrator group -- periodic check James Blackburn
- Re: Windows 2000 administrator group -- periodic c... Hugo van der Kooij
- Re: Windows 2000 administrator group -- periodic c... Renaud Deraison
- Re: Windows 2000 administrator group -- periodic c... Brian Anon
- Re: Windows 2000 administrator group -- period... James Blackburn
- Re: Windows 2000 administrator group -- pe... Hugo van der Kooij
