From: Cuan on
Hi,
You can use eventcombmt.exe from the Windows Resource Kit to search your domain controllers for specific security event logs.
I think event ID 673 will give you success and failure audit logs. Event Comb can save the report in CSV for you to easily read and format it.

cuan



KDawg44 wrote:

Finding Admin Logins in Security Event Log
07-Apr-10

Hello,

I need to be able to search, alert, and report on data from the
Windows Security Event Log. I need to be able to determine if any
login attempts (success|failure) are for users who have elevated
privileges (administrator). This could be the administrator account
or any account that has admin privileges. Is there somewhere in the
security event log that gives me an idea of the level of privileges the
user logging in has?

Thanks.

Kevin

From: KDawg44 on
On Apr 8, 8:18 pm, Cuan Blane wrote:
> Hi,
> You can use eventcombmt.exe from the Windows Resource Kit to search your domain controllers for specific security event logs.
> I think event ID 673 will give you success and failure audit logs. Event Comb can save the report in CSV for you to easily read and format it.
>
> cuan
>
> KDawg44 wrote:
>
> Finding Admin Logins in Security Event Log
> 07-Apr-10
>
> Hello,
>
> I need to be able to search, alert, and report on data from the
> Windows Security Event Log.  I need to be able to determine if any
> login attempts (success|failure) are for users who have elevated
> privileges (administrator).  This could be the administrator account
> or any account that has admin privileges.  Is there somewhere in the
> security event log that gives me an idea of the level of privileges the
> user logging in has?
>
> Thanks.
>
> Kevin

I have a log aggregator to compile and search the event logs. What I
was hoping for is a specific field in my logon events that illustrates
the privileges. I don't want to send pages out if John Smith connects
to the server, but if Fred Flintstone does, he has administrator
privileges and I need to page out to specific individuals.

Thanks for your help.

Kevin
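
One way to build the alert asked for in this thread, as an added example that is not part of any post: on Windows Server 2008 and later, event 4672 (special privileges assigned to new logon) is written with the same logon ID as the 4624 success event of a privileged session, while failed logons (4625) can only be matched against a list of privileged accounts. The CSV columns, sample rows, account names and watchlist are constructed assumptions, not the export format of EventCombMT or of any particular aggregator.

```python
import csv
import io

LOGON_OK, LOGON_FAIL, SPECIAL_PRIVS = "4624", "4625", "4672"

# Constructed sample export (not real log data); column names are assumed.
SAMPLE = r"""event_id,computer,account,logon_id
4624,SRV01,CORP\jsmith,0x3e1a
4624,SRV01,CORP\fflintstone,0x4b22
4672,SRV01,CORP\fflintstone,0x4b22
4625,SRV01,CORP\Administrator,
4625,SRV01,jsmith@corp.example,
"""

def load(text):
    """Parse the exported CSV into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def norm(account):
    """Reduce DOMAIN\\user or user@domain to a lower-case user name."""
    account = account.strip().lower()
    if "\\" in account:
        account = account.split("\\", 1)[1]
    return account.split("@", 1)[0]

def admin_logon_alerts(rows, watchlist):
    """Return (outcome, user, reason) for every logon that should page out."""
    watch = {norm(a) for a in watchlist}
    # Sessions the OS itself marked as privileged: 4672 shares the logon ID
    # with the 4624 event written for the same session on the same machine.
    privileged = {(r["computer"], r["logon_id"])
                  for r in rows if r["event_id"] == SPECIAL_PRIVS}
    alerts = []
    for r in rows:
        user = norm(r["account"])
        if r["event_id"] == LOGON_OK:
            if (r["computer"], r["logon_id"]) in privileged:
                alerts.append(("success", user, "4672 on same logon ID"))
            elif user in watch:
                alerts.append(("success", user, "watchlist"))
        elif r["event_id"] == LOGON_FAIL and user in watch:
            # A failed logon never gets a 4672, so only the watchlist can flag it.
            alerts.append(("failure", user, "watchlist"))
    return alerts

if __name__ == "__main__":
    # Assumed watchlist, e.g. exported from admin group membership.
    for alert in admin_logon_alerts(load(SAMPLE), ["Administrator", "fflintstone"]):
        print(alert)
```

Event 4672 is also written for service and SYSTEM logons, so filter those accounts out before paging anyone.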