Re: NT

[davidg () genmagic com (David Gillett)]

On 4 Mar 99, at 12:38, TWEEKERJAY () aol com wrote:

> Is it possible to be traced as to what time and how long you have
> been online through a windows NT server? 

  The short answer is "yes".  By default, auditing events to the security 
log is turned off, and some admins will undoubtedly leave it off for the 
sake of performance, but you should assume that an admin who cares will 
have enabled it.

> If there is besides not being online is there a way to not be
> recorded and how would one view the records? 

  Well, one of the standard things to log is changes to the logging 
configuration.  So while that might hide details of what you did (assuming 
you have the necessary rights), that's not going to hide the fact that you 
hid them.
  There's an Event Viewer application, and there are several things out 
there that will retrieve log records to an ASCII file.  From the Event 
Viewer, it's possible to clear the local log, but again this will leave an 
obvious trace -- and these log retrieval utilities can be used to copy log 
records to another machine, so clearing the local log may not 
accomplish anything.

> Any info would be appreciated 

  It sounds very much like you're attempting to violate some security 
policy somewhere.  May I politely suggest that if you can't get the policy 
changed to allow what you have in mind, maybe you shouldn't do it?

> Please forward this on to others on the list if you can Thanks again

  Hmmm...  If they're "on the list", they will have seen your message.  
Why should I forward it?  

David G