Security Auditing

W

Willis

Hello,

Does anyone here have any good suggestions for security auditing in a SMB
Server 2003 environment?

We need a record of every time a user logins, logouts or unlocks windows xp
on their local computer and preferably a central location to manage these
records.

I've been trying to use the DC security log to monitor events but it is so
tedious sorting through object and login events by every program and user
and it doesn't log when the user unlocks their windows session. It also
fills up extrememly fast. We get barely get 20 hours with a 32MB file.
There has to be a better way to manage these without spending a ton of money
on a 3rd party event manager, right?

Any help is appreciated.

Thanks,
Andrew
 
P

PA Bear [MS MVP]

[Crosspost much?]

Willis wrote:
> Hello,
>
> Does anyone here have any good suggestions for security auditing in a SMB
> Server 2003 environment?
>
> We need a record of every time a user logins, logouts or unlocks windows
> xp
> on their local computer and preferably a central location to manage these
> records.
>
> I've been trying to use the DC security log to monitor events but it is so
> tedious sorting through object and login events by every program and user
> and it doesn't log when the user unlocks their windows session. It also
> fills up extrememly fast. We get barely get 20 hours with a 32MB file.
> There has to be a better way to manage these without spending a ton of
> money
> on a 3rd party event manager, right?
>
> Any help is appreciated.
>
> Thanks,
> Andrew
 
P

PA Bear [MS MVP]

[Pointless & excessive crossposting eliminated]

Got Google?

cf. http://articles.techrepublic.com.com/5100-...11-6074792.html

cf.
http://www.trainsignal.com/Windows-Server-...aining-P17.aspx


Willis wrote:
> Hello,
>
> Does anyone here have any good suggestions for security auditing in a SMB
> Server 2003 environment?
>
> We need a record of every time a user logins, logouts or unlocks windows
> xp
> on their local computer and preferably a central location to manage these
> records.
>
> I've been trying to use the DC security log to monitor events but it is so
> tedious sorting through object and login events by every program and user
> and it doesn't log when the user unlocks their windows session. It also
> fills up extrememly fast. We get barely get 20 hours with a 32MB file.
> There has to be a better way to manage these without spending a ton of
> money
> on a 3rd party event manager, right?
>
> Any help is appreciated.
>
> Thanks,
> Andrew
 
You must log in or register to reply here.

Similar threads

R
Window server 2022: limit the number of concurrent logins from members of a security group
Replies
0
Views
41
Rafael Funes 17
R
A
Event 4673, Micorsoft Windows Security Auditing, A privileged service was called.
Replies
0
Views
34
Abdulaziz Aljaberi
A
D
  • Article
Taking steps that drive resiliency and security for Windows customers
Replies
0
Views
49
David Weston, Vice President Enterprise and OS
D
N
Ignite 2022: What's new in Windows Server Azure Edition
Replies
0
Views
102
Ned Pyle
N
R
Windows Server 2025 Secured-core Server
Replies
0
Views
54
RoySasabe
R
Back
Top Bottom