User Accessing Server 2008 R2

I suspect a user might be playing around in Active Directory and wondering if there is a way to find out who has been logging on to the server? She had reset her password for the domain and I think she may have done that on her own without my permission - so want to see if she is indeed getting into the server somehow....is there a way to find out?
LVL 1
Vicki KnutsenAsked:
Who is Participating?
 
Chris HInfrastructure ManagerCommented:
Something that malicious should be documented.  Just record their user sessions on their workstations and catch them in the act:

Install UltraVNC:
http://www.uvnc.com/downloads

Record their sessions:
http://www.uvnc.com/screenrecorder/

HIde the VNC icon:
http://forum.ultravnc.info/viewtopic.php?p=36056
0
 
Thomas GrassiSystems AdministratorCommented:
0
 
Vicki KnutsenAuthor Commented:
wow a free tool that might help me figure this out- awesome - thanks - will try it out and see if it gives me the information I am looking for.
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 
Chris HInfrastructure ManagerCommented:
How are they accessing?  RDP, VNC, Logmein, or physically?
0
 
Vicki KnutsenAuthor Commented:
I don't know for sure  - not physically logging in - would have to be RDP or VNC  - something like that probably.
0
 
Thomas GrassiSystems AdministratorCommented:
When the RDP in the user account should not have administrator priviledges.

Also time to change the VNC password. If they need to VNC setup VNC with a read only password give them that one.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.