auditing the users to logon the particular system

I have a domain controller(windows server 2003 enterprise edition).all the user account is configured in that. One of the user said his system is hacked by somebody. How can i audit , if anybody using that particular system from remote or through lan?? What are the steps to be done for this??

rujinrajjAsked:
Who is Participating?
 
chingmdConnect With a Mentor Commented:
look in the event viewer security log.  

Monitor netstat -a on the machine.  
run wireshark and dig through the traffic logs.

Run spyware, adaware scans, and antivirus.  (multiples)

Worst case scenario, reformat the client machine.  
0
 
rujinrajjAuthor Commented:
is there any other method through group policy
0
 
chingmdCommented:
not that I'm aware of.

0
 
chingmdCommented:
look at the accounts on the accounts on the system, change password.  

If might be able to control logins through group policy.   But that's beyond my expertise.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.