Security Basics mailing list archives
RE: Monitoring of Admin logins
From: "Scott Ramsdell" <Scott.Ramsdell () cellnet com>
Date: Tue, 10 Apr 2007 15:17:25 -0400
Sohail, You may want to monitor logon/logoff events on your domain controller. VB scripting would allow you to send an email when a particular event occurs.
From your post, I cannot tell if you have several users who share the
same admin account because you say they use "the admin account". From the rest of your post, it appears they use individual accounts with admin privs. If they use individual accounts, in the logon event, you would want to read the type (type 3 is over the network), and then read the details. The details will include username and workstation. You could then send yourself an email with the type and details. This solution would run as a VB script somewhere in your domain. Alternatively, simply assign a GPO to the admins which calls a login script. The login script would then be a VB script that emails you the username and workstation (or IP). Kind Regards, Scott Ramsdell CISSP, CCNA, MCSE Security Network Engineer -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Sohail Sarwar Sent: Tuesday, April 10, 2007 11:26 AM To: security-basics () securityfocus com Subject: Monitoring of Admin logins Hi there, I am assuming this have been done, but how ? I would like to get notified when a user logs in to my domain as an admin (Administrator) I have several people who are using the admin account, and I would like to setup something so that it notifies me via and email that a specific person has logged in to the domain controller or windows 2003 servers as the administrator. I guess something like who the user is and from where.. Is there such a thing ? Thanks, Sohail
Current thread:
- RE: Audit Windows files/folders, (continued)
- RE: Audit Windows files/folders J.M. Seitz (Apr 10)
- Message not available
- Fwd: Audit Windows files/folders kevin fielder (Apr 11)
- RE: Audit Windows files/folders Michael Wright (Apr 10)
- Monitoring of Admin logins Sohail Sarwar (Apr 10)
- RE: Monitoring of Admin logins Petter Bruland (Apr 10)
- RE: Monitoring of Admin logins Dixon, Wayne (Apr 10)
- Re: Monitoring of Admin logins Buz Dale (Apr 10)
- Re: Monitoring of Admin logins Steven Adair (Apr 11)
- Re: Monitoring of Admin logins Steven Hollingsworth (Apr 11)
- Re: Monitoring of Admin logins Tremaine Lea (Apr 10)
- RE: Monitoring of Admin logins Scott Ramsdell (Apr 10)
- RE: Monitoring of Admin logins Jim Hanlon (Apr 11)