Security Basics mailing list archives
RE: Monitoring of Admin logins
From: "Jim Hanlon" <JHanlon () jchci com>
Date: Tue, 10 Apr 2007 21:42:59 -0500
We use a commercial product called EventTracker by Prism Microsystems for managing our account auditing. The product allows us to set alerts on user ID activity whether it is over the network (using Active Directory) or interactive login on a local machine and/or even Syslog events. We are then able to correlate all of the activity the user account was used for over any period of time in question.

On another note, it is always better to disallow the use of any account that does not provide you with non-repudiation for the use of an account. The use of the Administrator account by more than one person voids your ability to tie the account to a person. This is particularly troublesome especially if you have a policy that holds the user accountable for any activity that is done with the use of their account. In a way you would be making your policy unenforceable.

Jim

Phone US (586) 435-6231
Fax US (586) 435-6245
Email: Jhanlon () JCHCI com
Website: http://www.JCHCI.com
Enterprise Security at the Speed of Business

________________________________

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Sohail Sarwar
Sent: Tuesday, April 10, 2007 12:26 PM
To: security-basics () securityfocus com
Subject: Monitoring of Admin logins

Hi there,

I am assuming this has been done, but how?

I would like to get notified when a user logs in to my domain as an admin (Administrator).

I have several people who are using the admin account, and I would like to set up something so that it notifies me via an email that a specific person has logged in to the domain controller or Windows 2003 servers as the administrator.

I guess something like who the user is and from where. Is there such a thing?

Thanks,
Sohail
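
The alerting discussed in this thread, as an added example that is not part of either post and is not EventTracker's code: it filters successful logons by the shared Administrator account and builds the notification text. The pipe-delimited export format, host names, and e-mail addresses are constructed assumptions; 528 and 540 are the Windows Server 2003 successful-logon event IDs.

```python
from collections import defaultdict
from email.message import EmailMessage

# Windows Server 2003 Security log: 528 = successful logon, 540 = successful network logon.
LOGON_EVENT_IDS = {"528", "540"}
LOGON_TYPES = {"2": "interactive", "3": "network", "10": "remote interactive"}

# Constructed sample export: time|event id|user|domain|logon type|workstation|source address
SAMPLE_LOG = """\
2007-04-10 09:14:02|528|Administrator|CORP|10|WS-ACCT-07|192.0.2.15
2007-04-10 09:20:41|540|jsmith|CORP|3|WS-HR-02|192.0.2.33
2007-04-10 11:02:17|540|administrator|CORP|3|WS-IT-01|192.0.2.8
2007-04-10 11:05:00|529|Administrator|CORP|3|WS-IT-01|192.0.2.8
2007-04-10 13:45:50|528|Administrator|CORP|2|DC01|-
"""

def shared_account_logons(log_text, account="Administrator"):
    """Return successful logons by `account` (case-insensitive) as dicts."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split("|")
        if len(fields) != 7:
            continue  # skip malformed lines instead of guessing at fields
        when, event_id, user, domain, ltype, workstation, source = fields
        if event_id in LOGON_EVENT_IDS and user.lower() == account.lower():
            hits.append({"time": when, "account": f"{domain}\\{user}", "source": source,
                         "type": LOGON_TYPES.get(ltype, f"type {ltype}"), "workstation": workstation})
    return hits

def sources_by_account(hits):
    """Distinct origins per account: the only attribution a shared account leaves."""
    origins = defaultdict(set)
    for h in hits:
        origins[h["account"].lower()].add((h["workstation"], h["source"]))
    return origins

def build_alert(hit, sender="alerts@example.com", recipient="secadmin@example.com"):
    """Build (not send) the notification; both addresses are placeholders."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Admin logon: {hit['account']} from {hit['workstation']}"
    msg.set_content(f"{hit['time']}  {hit['account']}  {hit['type']} logon\n"
                    f"workstation={hit['workstation']}  source={hit['source']}\n")
    return msg

if __name__ == "__main__":
    for hit in shared_account_logons(SAMPLE_LOG):
        print(build_alert(hit)["Subject"])
```

The alert can name the workstation and source address but not the person, which is the non-repudiation gap a shared Administrator account creates.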