I am an administrator on our business network. My off-site collegue who has domain adminstration, tries and "tests" software on our live network. As a result, he connects to my servers and runs his "test". This causes a lot of issues, obviously. All my Security log reports is the usual time, date, event id and I see their user name. But what did they do? The event reads "Privilege Use". Ok, what privilege use did they do?
I would like to know if there is a "capturing" software that can tell me more when they connect.