Turn on auditing for the logon/logoff events, and if you can identify the
source files/directories, enable auditing for those objects as well. The
problem you will have is with all the log data you will receive!
Joe
Alan Cooper
<imalcooper@yahoo To:
[EMAIL PROTECTED]
.com> cc:
Subject: Logging admin access to
workstations
03/13/2002 12:22
PM
I have a potential hacker on our corporate LAN who has
network-wide administration rights and may be copying
confidential files from several executive
workstations. This is a Windows environment and the
workstations involved are Windows 2000 Pro and NT.
The person suspected is extremely sharp and I need to
do this without her knowledge. It is unlikely that
we could use a keyboard-logging program since she is
using a laptop (asking for the laptop may arise her
suspections). She also VPN's from home and I have no
access to her home systems.
Is there a program that we can run on Win 2000 and NT
workstations that will log all access attempts, tell
me what they are doing if access is granted, their IP
address, time of day, etc? Is there a better way
approach this problem?
Thanks for your help.
__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/
