Catch Rogue User: Send SMS to Mobile Phone when Logon Detected

Question:
I would like to know how to have an SMS sent to my mobile phone when a certain user attempts to logon to a PC in our Win2k domain.

Background/Why/Problem:
I have changed the local and domain Administrator accounts to have only user privledges. I use a different user name to administer. I wish to catch the person who is trying to logon as "Administrator" (domain admin not local).  Even though they are wasting their time I feel the person must be spoken to. I have examined the logs but am always a few minutes behind... I need instant notification to my mobile as our users move between PC's quite frequently.

Our Setup:
3 x Windows 2000 Server Active Directory Domain Filesevers. Over 190 Windows 2000 Professional Clients joined to the domain. Users can logon using their own individual user account on any PC (roaming profiles).

Here is an example of the SMS I would like sent to my mobile phone:

22/11/2003 - 10:12am
PC NAME: "IPS-E4-LAB-26"
USER NAME: "Administrator"
MESSAGE: Failed Logon Attempt


Finally, I am willing to use a third party solution as long as you can recommend it and not just post a link.
LVL 1
MatiteAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ferg-oCommented:

If you enable SNMP on the server and have it pump auditing events to OpenNMS ( http://www.opennms.org ) you can use an SMS modem to send you through the messages. I know of a company using this solution for all their network management stuff. They use a Siemens SMS modem.

Another way to do it, which may be tidier would be to use an IDS system like ISS or Manhunt which can send failed login messages via SNMP to OpenNMS.

If you have money you could use HP OpenView which has an SMS alerting add on option.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ferg-oCommented:

If you enable SNMP on the server and have it pump auditing events to OpenNMS ( http://www.opennms.org ) you can use an SMS modem to send you through the messages. I know of a company using this solution for all their network management stuff. They use a Siemens SMS modem.

Another way to do it, which may be tidier would be to use an IDS system like ISS or Manhunt which can send failed login messages via SNMP to OpenNMS.

If you have money you could use HP OpenView which has an SMS alerting add on option.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.