Build Your Own Arcade Controls Forum

Main => Everything Else => Topic started by: hulkster on April 11, 2005, 01:20:39 pm

Title: security problems...how can i track login attempts?
Post by: hulkster on April 11, 2005, 01:20:39 pm

for those of you who are in the know about networks (in this case Windows 2000 server environment)....here at work an employee guessed someone's password and logged in as them and possibly looked at files they werent supposed to.  of course i need to find out if she did indeed login to this particular pc. 

i looked at the event viewer at the Security Log, but it only shows the server name under the "Computer" column.  i want to know what computer she logged into, on a certain day.  is there a way to tell this from the server?

Title: Re: security problems...how can i track login attempts?
Post by: GGKoul on April 11, 2005, 01:24:28 pm

If someone logged in as that person, then everything will look like that person logged in.

Title: Re: security problems...how can i track login attempts?
Post by: hulkster on April 11, 2005, 01:42:38 pm

well apparently someone guessed the employee's password and logged into the employee's PC and sent some emails and accessed the internet.  this pc is another city but it is on our network.  we dont have any tracking software or logging software, so how would i find out when it was accessed? 

Title: Re: security problems...how can i track login attempts?
Post by: GGKoul on April 11, 2005, 01:47:35 pm

If you have an Exchange box, you may be able to see when they last logged in.

As for surfing, you can view the Internet History to see what sites then visited.

Title: Re: security problems...how can i track login attempts?
Post by: Thenasty on April 11, 2005, 02:16:28 pm

time to change password and it seems like it was an easy password to guess. You need to combine some numbers with alphas and tell that user not to use the obvious that someone can guess. Set server login attempts to lockout after 3 tries.

Title: Re: security problems...how can i track login attempts?
Post by: hulkster on April 11, 2005, 03:33:03 pm

i have all those security features, but i think this password was written down and somebody went snooping.  its being handled though.

Title: Re: security problems...how can i track login attempts?
Post by: DemonBrew on April 11, 2005, 04:03:15 pm

What "server" are you looking at? Is it a Domain Controller? In any event, the feature you are looking for is called "security auditing" in Event Viewer and is not turned by default (thanks MicroSoft!). Here's how to turn on security auditing on Windows XP Pro.

http://netsecurity.about.com/cs/tutorials/ht/ht040503.htm

If you have security auditing turned on and Successful Logins enabled, then it should be in the Security log of Event Viewer.

Title: Re: security problems...how can i track login attempts?
Post by: DemonBrew on April 12, 2005, 07:20:53 am

Here's some more links on security auditing:

http://searchwindowssecurity.techtarget.com/generic/0,295582,sid45_gci1050187,00.html

http://www.windowsecurity.com/articles/Deciphering-Authentication-Events-Domain-Controllers.html