Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

User Accessing Server 2008 R2

Posted on 2013-01-31
6
Medium Priority
?
189 Views
Last Modified: 2013-05-02
I suspect a user might be playing around in Active Directory and wondering if there is a way to find out who has been logging on to the server? She had reset her password for the domain and I think she may have done that on her own without my permission - so want to see if she is indeed getting into the server somehow....is there a way to find out?
0
Comment
Question by:Vicki Knutsen
  • 2
  • 2
  • 2
6 Comments
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38840189
0
 
LVL 1

Author Comment

by:Vicki Knutsen
ID: 38840223
wow a free tool that might help me figure this out- awesome - thanks - will try it out and see if it gives me the information I am looking for.
0
 
LVL 16

Expert Comment

by:Chris H
ID: 38840299
How are they accessing?  RDP, VNC, Logmein, or physically?
0
WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

 
LVL 1

Author Comment

by:Vicki Knutsen
ID: 38840308
I don't know for sure  - not physically logging in - would have to be RDP or VNC  - something like that probably.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38841069
When the RDP in the user account should not have administrator priviledges.

Also time to change the VNC password. If they need to VNC setup VNC with a read only password give them that one.
0
 
LVL 16

Accepted Solution

by:
Chris H earned 1500 total points
ID: 38841142
Something that malicious should be documented.  Just record their user sessions on their workstations and catch them in the act:

Install UltraVNC:
http://www.uvnc.com/downloads

Record their sessions:
http://www.uvnc.com/screenrecorder/

HIde the VNC icon:
http://forum.ultravnc.info/viewtopic.php?p=36056
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question