Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

auditing the users to logon the particular system

Posted on 2008-10-15
5
266 Views
Last Modified: 2010-04-19
I have a domain controller(windows server 2003 enterprise edition).all the user account is configured in that. One of the user said his system is hacked by somebody. How can i audit , if anybody using that particular system from remote or through lan?? What are the steps to be done for this??

0
Comment
Question by:rujinrajj
  • 3
5 Comments
 
LVL 9

Accepted Solution

by:
chingmd earned 500 total points
ID: 22728380
look in the event viewer security log.  

Monitor netstat -a on the machine.  
run wireshark and dig through the traffic logs.

Run spyware, adaware scans, and antivirus.  (multiples)

Worst case scenario, reformat the client machine.  
0
 

Author Comment

by:rujinrajj
ID: 22747101
is there any other method through group policy
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22749898
not that I'm aware of.

0
 
LVL 9

Expert Comment

by:chingmd
ID: 22749906
look at the accounts on the accounts on the system, change password.  

If might be able to control logins through group policy.   But that's beyond my expertise.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

838 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question