Solved

User Accessing Server 2008 R2

Posted on 2013-01-31
6
177 Views
Last Modified: 2013-05-02
I suspect a user might be playing around in Active Directory and wondering if there is a way to find out who has been logging on to the server? She had reset her password for the domain and I think she may have done that on her own without my permission - so want to see if she is indeed getting into the server somehow....is there a way to find out?
0
Comment
Question by:Vicki Knutsen
  • 2
  • 2
  • 2
6 Comments
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38840189
0
 
LVL 1

Author Comment

by:Vicki Knutsen
ID: 38840223
wow a free tool that might help me figure this out- awesome - thanks - will try it out and see if it gives me the information I am looking for.
0
 
LVL 16

Expert Comment

by:choward16980
ID: 38840299
How are they accessing?  RDP, VNC, Logmein, or physically?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 1

Author Comment

by:Vicki Knutsen
ID: 38840308
I don't know for sure  - not physically logging in - would have to be RDP or VNC  - something like that probably.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38841069
When the RDP in the user account should not have administrator priviledges.

Also time to change the VNC password. If they need to VNC setup VNC with a read only password give them that one.
0
 
LVL 16

Accepted Solution

by:
choward16980 earned 500 total points
ID: 38841142
Something that malicious should be documented.  Just record their user sessions on their workstations and catch them in the act:

Install UltraVNC:
http://www.uvnc.com/downloads

Record their sessions:
http://www.uvnc.com/screenrecorder/

HIde the VNC icon:
http://forum.ultravnc.info/viewtopic.php?p=36056
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Is your computer hacked? learn how to detect and delete malware in your PC
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question