Solved

Tracking logins securely with Windows Server 2003

Posted on 2007-11-19
Last Modified: 2013-12-04
I need to find out a way to track all user logins to the console of a Server 2003 system. I need to track any administrator logins from either remote (via Terminal Services) or just a standard login directly to the console.
Question by:seandolan
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 50 total points
ID: 20316897
You will need to enable auditing on your domain controllers group policy...
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 50 total points
ID: 20317014
LVL 3

Author Comment

by:seandolan
ID: 20317647
The only problem is that with both processes, the logging can be cleared. If someone were to log on as an administrator, they could clear this off without any security getting in their way.
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 50 total points
ID: 20318139
The solution for clearing the logs is having them shipped to a central log reporting system.
And closely guarding who has access to that reporting (and log-backup) system.

Consul has (or had) such a system, but they have been recently acquired by IBM. They used to market it as a system to watch the gatekeepers, or something along that line. Don't know the exact status of that software. It's now part of Tivoli, and I'm not sure if it's available separately. See http://www-306.ibm.com/software/tivoli/welcome/consul/index.html and check with your IBM reseller.

An alternative is Snare. It uses open source agents to ship the logs to an open source Snare backlog server. See: http://www.intersectalliance.com/projects/SnareBackLog/index.html
There is also a more extensive appliance-server available for this: the InterSect Alliance 'Snare Server' appliance.

BTW, clearing the event logs always adds a first entry to the logs saying that it has been cleared. So you always know that someone has been tampering. If each administrator has their own private login and passwords are kept secure, then you also know who did it.

J.
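
The points in the answer above (ship the logs off the server, and watch for the "log cleared" entry) can be checked on the collector side. This is an added example, not part of the original thread or of any product named in it. The record layout, host name, accounts and sample lines are constructed assumptions; 528 (successful logon, types 2 and 10) and 517 (audit log cleared) are the Server 2003 Security log event IDs. The record-number check assumes the shipper forwards a per-host increasing record number.

```python
import csv
import io

# Constructed sample of records as received by a central collector.
# Assumed columns: host, record_number, time, event_id, logon_type, account
SAMPLE = """\
SRV01,1041,2007-11-19T08:01:12,528,2,CORP\\administrator
SRV01,1042,2007-11-19T08:05:40,540,3,CORP\\svc_backup
SRV01,1043,2007-11-19T09:14:03,528,10,CORP\\administrator
SRV01,1,2007-11-19T09:20:55,517,,CORP\\administrator
SRV01,2,2007-11-19T09:31:10,528,2,CORP\\jsmith
SRV01,5,2007-11-19T09:40:00,528,10,CORP\\jsmith
"""

LOGON_OK = 528       # successful logon (Windows 2000/XP/2003 Security log)
LOG_CLEARED = 517    # "The audit log was cleared"
LOGON_TYPES = {"2": "console", "10": "terminal-services"}

def review(text):
    """Return (logons, alerts) from forwarded Security-log records."""
    logons, alerts = [], []
    last_seen = {}  # host -> last record number received from that host
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # tolerate blank lines in the feed
        host, recno, when, event_id, logon_type, account = row
        recno, event_id = int(recno), int(event_id)
        prev = last_seen.get(host)
        if prev is not None and recno <= prev:
            # Numbering went backwards: the source log was reset or replaced.
            alerts.append((when, host, "record numbering restarted"))
        elif prev is not None and recno > prev + 1:
            # Records exist on the server that never reached the collector.
            alerts.append((when, host, f"{recno - prev - 1} record(s) missing"))
        last_seen[host] = recno
        if event_id == LOG_CLEARED:
            alerts.append((when, host, f"security log cleared by {account}"))
        elif event_id == LOGON_OK and logon_type in LOGON_TYPES:
            logons.append((when, host, LOGON_TYPES[logon_type], account))
    return logons, alerts

if __name__ == "__main__":
    found_logons, found_alerts = review(SAMPLE)
    for entry in found_logons + found_alerts:
        print(*entry)
```
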
LVL 18

Expert Comment

by:PowerIT
ID: 20318157
And I forgot about one of my favorites, GFI: http://www.gfi.com/eventsmanager/
I have always found the GFI tools easy to use (in a Microsoft only environment).

J.
LVL 3

Author Comment

by:seandolan
ID: 20323788
I found a way to do this using an app called EventLogXP. I just take an automatic backup every minute and send it to an FTP location. This is working fine now.

http://www.eventlogxp.com/
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20324486
Nice work