auditing the users to logon the particular system

I have a domain controller(windows server 2003 enterprise edition).all the user account is configured in that. One of the user said his system is hacked by somebody. How can i audit , if anybody using that particular system from remote or through lan?? What are the steps to be done for this??

Who is Participating?
chingmdConnect With a Mentor Commented:
look in the event viewer security log.  

Monitor netstat -a on the machine.  
run wireshark and dig through the traffic logs.

Run spyware, adaware scans, and antivirus.  (multiples)

Worst case scenario, reformat the client machine.  
rujinrajjAuthor Commented:
is there any other method through group policy
not that I'm aware of.

look at the accounts on the accounts on the system, change password.  

If might be able to control logins through group policy.   But that's beyond my expertise.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.