[isalist] Re: OT: AD Sync to help investigations

  • From: Gene Sibbs <gen_sib@xxxxxxxxx>
  • To: ISA Community <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 9 Feb 2007 07:02:42 -0800 (PST)

Define "disconnected"?
The PCs grew legs -  more like stolen...

Machine shutdown, Machine restart, last refresh of the secure channel, etc.? 
No, they were stolen 
By default, the related DC security event logs contain machine as well as user 
logon/logoff events.  The Machines that disappeared are not listed on the event 
log

I wanted to grab the event logs and give them to the investigating officer. I am 
busy analyzing the canonical name of the object in AD, checking the last Update 
Sequence Numbers (USNs). I also went through Symantec CC to check when the 
missing box last successfully pulled definition files.


 
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Gene Sibbs
Sent: Friday, February 09, 2007 2:47 AM
To: Active Directory; ISA Community
Subject: [isalist] OT: AD Sync to help investigations
 
Hi all

How can I reveal through Active Directory when a domain member computer was 
last disconnected from the domain? I need this information to help with 
investigations; surely there should be some log file I can drill down to.
 
Thank you,


 