|
Posted by Steven L Umbach on January 12, 2006, 1:14 pm
If you were Registered and logged in, you could reply and use other advanced thread options
The Windows 2003 Server Security guide has a lot of info on auditing and the
related Event ID's. To see both logon and logout you would need to enable
auditing of "logon" events in Local Security Policy [secpol.msc] or whatever
domain/OU level policy that enforces auditing if a domain computer. Be sure
to increase the size of your security log quite a bit from default to maybe
20MB or so. Third party programs use built in auditing but can make it
easier to print reports or find what you want. The links below may
lp. --- Steve
http://www.microsoft.com/downloads/details.aspx?FamilyId=8A2643C1-0685-4D89-B655-521EA6C7B4DB&displaylang=en
http://www.microsoft.com/technet/security/topics/auditingandmonitoring/securitymonitoring/default.mspx
http://www.gfi.com/lanselm/ --- S.E.L.M. from Languard and I believe you
can try it for free.
http://support.microsoft.com/default.aspx?scid=kb;en-us;308471 --- free
Event Comb from Microsoft that can help parse security logs.
> Where is the best place to go to find out how to use the security log in
> windows 2003? I have a 2003 Terminal Server and would like to only see
> when
> people login and logout, success/not.
>
> If there is a better third party program that you know of please tell me
> about that also.
>
> I just want to know who is using and trying to use the TS.
>
> Thanks,
> Zed
| 
XML site map