Notification when local admin logs into a machine

Hello all

I've got a situation here.  I've got a bunch of computers in many different rooms, with many different users throughout the day.  But it appears that the admin password has gotten out.  I'd like to be able to know when someone logs into a machine as a local administrator.  Is there a way to notify a user via email, or some other mechanism, when that happens?  Thanks...
soBC Asked:

Heem14 Commented:
Sure. Put a script in that user's startup folder. Have it contain

@echo off
net send mycomputername admin has just logged into %computername%



Then you will get messaged when someone logs in.
Big5250 Commented:
If on a domain level, put a statement like this in the script

if /i "%username%"=="administrator" net send yourmachinename "Administrator is logging in on %computername%"

If not on domain level, create some local login scripts that you throw into the startup menu with the same above

hth
soBC (Author) Commented:
Thanks for the help.  I have to admit, I just got this gig and I'm a little out of my element on this security stuff.  I think Big's answer is more what I need, but now that I know it's possible I think my requirements are actually...

1.  To only be notified when a local admin user logs into a machine
2.  To store that information into a log file somewhere
3.  The ability to enable or disable this feature on a particular machine (remotely if possible)

Does that make things a lot more complicated?  I'm not quite sure what's meant by "domain level".  All the computers are on a single domain, and all users are logged into the domain (as opposed to the local machine, I think).

thanks again for the prompt responses...
Big5250 Commented:
1.) addressed above
2.) if /i "%username%"=="administrator" echo %time% %date% %computername% %username% >>\\machinename\share\adminlogin.log
3.) You can access each remote machine by their default admin shares... example

\\machine1\c$  Then drill down to the Documents and Settings\Administrator\start menu\programs\startup  This is where you would place the script.

If you wanted only the local admin info, then you would need to put it on a script on the individual machines, otherwise it won't be picked up when they log on locally because the script won't run from their domain login

Heem14 Commented:
Well, considering our answers are almost identical... anyway.

1>

If you put the batch file into the startup folder for the local administrator, it will only be run if that user logs in. Try

C:\Documents and Settings\administrator\Start Menu\Programs\Startup

2> add this to the batch file for logging:

echo %computername% %date% %time% >>C:\log.txt

You can also have that redirected to a network share, as long as a non-domain user will have access to write there. You can make a wide open hidden share just for this purpose, in which case change >>C:\log to >>\\server\hiddenshare$\log.txt

3> Once you write the script you can simply add or remove it from the startup folder of any machine from your desk, as long as you have admin rights to it, which of course I assume you do.
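
Added example (not part of any poster's answer): one startup-folder batch file that covers the three requirements from the thread, with a fallback when the log share cannot be written. The names \\logserver\adminlog$, notifypc and adminwatch.off are assumed placeholders.

```batch
@echo off
rem Added example: place in the local Administrator's Startup folder.
rem Assumed placeholders (not from the thread): \\logserver\adminlog$,
rem notifypc, and the flag file adminwatch.off.
setlocal

set "LOGFILE=\\logserver\adminlog$\adminlogin.log"
set "FALLBACK=%SystemRoot%\Temp\adminlogin.log"
set "OFFFLAG=%SystemRoot%\adminwatch.off"
set "NOTIFY=notifypc"

rem Requirement 3: create this flag file on a machine (for example via
rem \\machine1\c$) to switch the notifier off without removing the script.
if exist "%OFFFLAG%" goto :eof

rem Requirement 1: for a local account USERDOMAIN equals the computer
rem name; for a domain account it holds the domain name instead.
if /i not "%USERDOMAIN%"=="%COMPUTERNAME%" goto :eof

rem Case-insensitive match, since the built-in account is "Administrator".
if /i not "%USERNAME%"=="administrator" goto :eof

set "ENTRY=%DATE% %TIME% %COMPUTERNAME% %USERDOMAIN%\%USERNAME%"

rem Requirement 2: append to the central log. If the share cannot be
rem written, keep the record locally so the logon is still recorded.
2>nul (>>"%LOGFILE%" echo %ENTRY%) || >>"%FALLBACK%" echo %ENTRY% [share unreachable]

rem Pop-up notification as in the answers above (needs the Messenger service).
net send %NOTIFY% "Local admin logon: %ENTRY%" >nul 2>&1

endlocal
```

The script runs as the account it is watching, so whoever holds the admin password can remove it or create the flag file; a machine that stops reporting deserves a look for that reason.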
soBC (Author) Commented:
Much obliged.  I do have access rights to the machines, so getting into folders remotely shouldn't be a problem...
Big5250 Commented:
Good luck!