How can I log ALL connection to my Windows 2003 server?
I am an administrator on our business network. My off-site collegue who has domain adminstration, tries and "tests" software on our live network. As a result, he connects to my servers and runs his "test". This causes a lot of issues, obviously. All my Security log reports is the usual time, date, event id and I see their user name. But what did they do? The event reads "Privilege Use". Ok, what privilege use did they do?
I would like to know if there is a "capturing" software that can tell me more when they connect.
Thanks.
I would like to know if there is a "capturing" software that can tell me more when they connect.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
WireShark seems to be something I can use and will try. - Makes sense.
Auditing Privilege use I have to think about. Because it uses group policies it would alert the rest of my team. I need to think about this.
- Thanks.
Auditing Privilege use I have to think about. Because it uses group policies it would alert the rest of my team. I need to think about this.
- Thanks.
I don't have a lot of experience with any screen recorded except Techsmith but I think it's only for creating videos.
They System log usually shows programs getting installed and uninstalled, if I remember right. Or maybe that's restore point log.
Either way, I would look at screen recorders to 'understand' what he's doing.
hope that helps.