[windows2000] Re: Auditing
- From: "Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx>
- To: "'windows2000@xxxxxxxxxxxxx'" <windows2000@xxxxxxxxxxxxx>
- Date: Mon, 8 Dec 2003 12:04:55 -0500
Not a real easy task unless you have auditing turned on already...
Easiest way, for a win2K AD environment, is to go to the OU that every
"server" (i.e., any machine that the user may access remotely, even if it is
just a workstation with a shared printer) is in, and turn on auditing.
Then, for all the files that the user may potentially access, you must go to
the file level (root folders are OK) and turn on auditing for that user
account on that object.
You may be better off doing this a different way. I can think of two:
1. Screen/keyboard capture utility.
2. Sniffer on the wire between him and the nearest switch, with a filter for
his MAC.
But those don't really answer the question... those two will capture
everything that a COMPUTER does on the network, but if the user switches
computers, the auditing does not follow.
So I guess, to really answer correctly, we need more info on the environment
and the possible data that you are hoping to acquire.
HTH. HAND,
Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.
-----Original Message-----
From: Justin Martin [mailto:jmartin@xxxxxxxxxx]
Sent: Monday, December 08, 2003 9:38 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Auditing
I need to watch everything that one network user is doing. What is the best
way to audit everything that this user is touching on the network?
Thanks
Justin
Other related posts:
