Windows Password


I have questions.

1. On Windows 2003 & 2008, does any log file exist which has information about when the Administrator password & RDP port were changed, and from which date/time/IP/etc.?

2. Is there any application which keeps these logs and sends email to the admin when server access/password/port changes?

Mohammed Khawaja, Manager - Infrastructure: Information Technology, Commented:
The way Splunk works is as follows:

1. Install Splunk on a server
2. Install Splunk Light forwarder on your DC and configure it to send event logs to Splunk Server
3. Do the same on your RDS server
4. Once done, you should be able to see events in the Splunk Server
5. You could create dashboards, queries (i.e. log type (application, security, etc.), source (server), event ID, etc.)

Please refer to the Splunk documentation; it is straightforward. I don't have one running right now and I haven't used it for a few months.

Auditing policy can handle the event log entry into the security log on a change.
Splunk can be used to aggregate data.
Windows 2008 can have eventlog forwarding events.

Installing SNMP and then configuring the eventlog to SNMP (evntwin) will generate snmptrapd to an snmptrap server.

The snmptrapd server can be configured to generate an email when a specific type of alert comes in.

The optimal solution is to limit the number of administrators/users who can change the administrator's password.

Mohammed Khawaja, Manager - Infrastructure: Information Technology, Commented:
There are logs, but by default all auditing is not turned on. What you could do is turn on auditing and, from now on, keep proper logs. Splunk or some other log consolidation software could be used for consolidating logs from various systems.

smksa (Author) Commented:
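
The detection the answers above describe (audit the change, collect the events centrally, email on a match), as an added example that is not part of the original thread. It assumes Windows Server 2008 Security-log event IDs and field names (4723/4724 for password changes, 4657 for a registry value change, 4624 for the logon that carries the source IP), that Registry auditing and a SACL on the RDP-Tcp key are already enabled, and that forwarded events arrive as dicts; hostnames, accounts and addresses are constructed.

```python
from email.message import EmailMessage

# Windows Server 2008 Security-log event IDs (Server 2003 uses different IDs).
PASSWORD_EVENTS = {4723: "password change attempt", 4724: "password reset attempt"}
LOGON, REGISTRY_VALUE_MODIFIED = 4624, 4657
RDP_KEY_SUFFIX = r"\control\terminal server\winstations\rdp-tcp"

def find_changes(events, watched_account="Administrator"):
    """Return one finding per password or RDP-port change. The change events
    carry no IP, so it is recovered from the 4624 logon with the same logon ID."""
    # Logon IDs are only unique per host, so key the lookup on (host, logon ID).
    logon_ip = {(e["Computer"], e["TargetLogonId"]): e.get("IpAddress", "-")
                for e in events if e["EventID"] == LOGON}
    findings = []
    for e in events:
        eid = e["EventID"]
        if eid in PASSWORD_EVENTS and e["TargetUserName"].lower() == watched_account.lower():
            what = f"{PASSWORD_EVENTS[eid]} on {e['TargetUserName']}"
        elif (eid == REGISTRY_VALUE_MODIFIED
              and e["ObjectName"].lower().endswith(RDP_KEY_SUFFIX)
              and e["ObjectValueName"].lower() == "portnumber"):
            what = f"RDP port changed {e['OldValue']} -> {e['NewValue']}"
        else:
            continue
        key = (e["Computer"], e["SubjectLogonId"])
        findings.append({"time": e["TimeCreated"], "host": e["Computer"], "what": what,
                         "actor": e["SubjectUserName"],
                         "source_ip": logon_ip.get(key, "unknown")})
    return findings

def build_alert(finding, sender="audit@example.test", rcpt="admin@example.test"):
    """Build (not send) the notification; hand it to smtplib.SMTP.send_message."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"[{finding['host']}] {finding['what']}"
    msg.set_content("\n".join(f"{k}: {v}" for k, v in finding.items()))
    return msg

# Constructed sample records, shaped like forwarded Security-log events.
RDP_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp"
SAMPLE = [
    {"EventID": 4624, "TimeCreated": "2014-03-02T09:14:07Z", "Computer": "RDS01", "TargetUserName": "jdoe", "TargetLogonId": "0x3e7a1", "IpAddress": "192.0.2.44"},
    {"EventID": 4724, "TimeCreated": "2014-03-02T09:15:30Z", "Computer": "RDS01", "SubjectUserName": "jdoe", "SubjectLogonId": "0x3e7a1", "TargetUserName": "Administrator"},
    {"EventID": 4724, "TimeCreated": "2014-03-02T09:16:02Z", "Computer": "RDS01", "SubjectUserName": "jdoe", "SubjectLogonId": "0x3e7a1", "TargetUserName": "svc_backup"},
    {"EventID": 4657, "TimeCreated": "2014-03-02T09:18:41Z", "Computer": "RDS01", "SubjectUserName": "jdoe", "SubjectLogonId": "0x3e7a1", "ObjectName": RDP_KEY, "ObjectValueName": "PortNumber", "OldValue": "3389", "NewValue": "3390"},
]
```

A finding whose logon event was never collected reports its source as "unknown", which is the case to watch for when the 4624 events are filtered out before forwarding.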
Hi mnkhawaja,

Could you please share its process & method?

Question has a verified solution.
