Pau Lo
 asked on

User activity groups

I need some sort of general brainstorming from you experts around user activity. Essentially there is a (slight/potential) allegation someone may have compromised another user's domain username/password and logged into the domain from a PC with those credentials. In terms of “what they did” with that account, what areas would you look to for clues? I could do with just a top 5 areas you’d review to see what kind of activity took place. Internet activity is the obvious but potentially many, many more. If of any use, the machines are XP.
Windows XP, Active Directory, Microsoft Server OS

Last Comment
Cris Hanna

8/22/2022 - Mon
Pau Lo

Cris Hanna

If the user name/password were used by the alleged perpetrator, there is no particular method to differentiate that activity from the valid user, unless the activity was performed from a different PC than the one the actual user uses daily.

Pau Lo

> Unless the activity was performed from a different PC than the one the actual user uses daily

We believe so.
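Since the thread settles on "a different PC" as the one thing that separates the two users, here is an added example (not code from either poster) that baselines which workstations an account normally logs on from and flags logons from any other machine, along with the accounts usually seen on that machine. It assumes successful-logon events (ID 528 on XP/Server 2003) have been exported to CSV; the column names, accounts, host names and dates are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export; columns, accounts and hosts are assumptions.
# 528 = successful logon, 529 = failed logon (XP / Server 2003 security log).
SAMPLE_CSV = """time,event_id,account,workstation,logon_type
2011-03-01 08:58:10,528,CORP\\jsmith,PC-ACCT-07,2
2011-03-02 09:01:44,528,CORP\\jsmith,PC-ACCT-07,2
2011-03-02 09:03:12,528,CORP\\bjones,PC-SALES-02,2
2011-03-03 08:55:31,528,CORP\\jsmith,PC-ACCT-07,2
2011-03-03 09:02:05,528,CORP\\bjones,PC-SALES-02,2
2011-03-04 12:41:09,528,CORP\\jsmith,PC-SALES-02,2
2011-03-04 12:58:47,529,CORP\\jsmith,PC-SALES-02,2
2011-03-04 13:30:00,528,CORP\\bjones,PC-SALES-02,2
"""

def load_logons(text):
    """Parse the export, keeping only successful logons, oldest first."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        if r["event_id"] != "528":
            continue
        r["time"] = datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S")
        rows.append(r)
    return sorted(rows, key=lambda r: r["time"])

def unusual_logons(rows, account, cutoff):
    """Logons by `account` on/after `cutoff` from PCs it never used before."""
    baseline = defaultdict(set)  # workstation -> accounts seen before cutoff
    for r in rows:
        if r["time"] < cutoff:
            baseline[r["workstation"]].add(r["account"])
    usual = {ws for ws, accts in baseline.items() if account in accts}
    findings = []
    for r in rows:
        if (r["time"] >= cutoff and r["account"] == account
                and r["workstation"] not in usual):
            regulars = sorted(baseline[r["workstation"]] - {account})
            findings.append((r["time"], r["workstation"], regulars))
    return findings

if __name__ == "__main__":
    hits = unusual_logons(load_logons(SAMPLE_CSV), "CORP\\jsmith",
                          datetime(2011, 3, 4))
    for when, ws, regulars in hits:
        print(f"{when}  logon from {ws}; usually used by: {regulars}")
```

Each flagged workstation and time window is where the review of what was done with the account would then be focused.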