Solved

auditing the users to logon the particular system

Posted on 2008-10-15
5
270 Views
Last Modified: 2010-04-19
I have a domain controller(windows server 2003 enterprise edition).all the user account is configured in that. One of the user said his system is hacked by somebody. How can i audit , if anybody using that particular system from remote or through lan?? What are the steps to be done for this??

0
Comment
Question by:rujinrajj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 9

Accepted Solution

by:
chingmd earned 500 total points
ID: 22728380
look in the event viewer security log.  

Monitor netstat -a on the machine.  
run wireshark and dig through the traffic logs.

Run spyware, adaware scans, and antivirus.  (multiples)

Worst case scenario, reformat the client machine.  
0
 

Author Comment

by:rujinrajj
ID: 22747101
is there any other method through group policy
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22749898
not that I'm aware of.

0
 
LVL 9

Expert Comment

by:chingmd
ID: 22749906
look at the accounts on the accounts on the system, change password.  

If might be able to control logins through group policy.   But that's beyond my expertise.
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question