Firewall Wizards mailing list archives
Re: NT
From: davidg () genmagic com (David Gillett)
Date: Fri, 5 Mar 1999 17:29:10 -0800
On 4 Mar 99, at 12:38, TWEEKERJAY () aol com wrote:
Is it possible to be traced as to what time and how long you have been online through a windows NT server?
The short answer is "yes". By default, auditing events to the security log is turned off, and some admins will undoubtedly leave it off for the sake of performance, but you should assume that an admin who cares will have enabled it.
If there is besides not being online is there a way to not be recorded and how would one view the records?
Well, one of the standard things to log is changes to the logging configuration. So while that might hide details of what you did (assuming you have the necessary rights), that's not going to hide the fact that you hid them. There's an Event Viewer application, and there are several things out there that will retrieve log records to an ASCII file. From the Event Viewer, it's possible to clear the local log, but again this will leave an obvious trace -- and these log retrieval utilities can be used to copy log records to another machine, so clearing the local log may not accomplish anything.
Any info would be appreciated
It sounds very much like you're attempting to violate some security policy somewhere. May I politely suggest that if you can't get the policy changed to allow what you have in mind, maybe you shouldn't do it?
Please forward this on to others on the list if you can Thanks again
Hmmm... If they're "on the list", they will have seen your message. Why should I forward it? David G