How to log down command or action done on server

S

SK

Hi,
I want to know whether it is possible for Windows Server 2003 to log down
command or action done on it. If yes, how to accomplish this. Thanks.

SK
 
S

S. Pidgorny

That is virtually impossible on any OS. I think you can trace OS system
calls but overwhelming amount of information will be more or less useless.

What exactly are you trying to achieve?

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"SK" <SK@discussions.microsoft.com> wrote in message
news:A2ABB7A8-EC99-43B0-B543-EAC668DD8CBA@microsoft.com...
> Hi,
> I want to know whether it is possible for Windows Server 2003 to log down
> command or action done on it. If yes, how to accomplish this. Thanks.
>
> SK
 
S

SK

Hi,
I want to log down any action both entering command or clicking via GUI done
on the server, so that I can trace whether the server is being used by
someone unexpectedly. Thanks.

SK

"S. Pidgorny <MVP>" wrote:

> That is virtually impossible on any OS. I think you can trace OS system
> calls but overwhelming amount of information will be more or less useless.
>
> What exactly are you trying to achieve?
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
> "SK" <SK@discussions.microsoft.com> wrote in message
> news:A2ABB7A8-EC99-43B0-B543-EAC668DD8CBA@microsoft.com...
> > Hi,
> > I want to know whether it is possible for Windows Server 2003 to log down
> > command or action done on it. If yes, how to accomplish this. Thanks.
> >
> > SK
>
>
>
 
S

S. Pidgorny

Audit log ons and running all the .exe files on the current image


--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"SK" <SK@discussions.microsoft.com> wrote in message
news:764783D4-7E95-46F0-8CD4-AEE28BE55A6C@microsoft.com...
> Hi,
> I want to log down any action both entering command or clicking via GUI
> done
> on the server, so that I can trace whether the server is being used by
> someone unexpectedly. Thanks.
>
> SK
>
> "S. Pidgorny <MVP>" wrote:
>
>> That is virtually impossible on any OS. I think you can trace OS system
>> calls but overwhelming amount of information will be more or less
>> useless.
>>
>> What exactly are you trying to achieve?
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>
>> "SK" <SK@discussions.microsoft.com> wrote in message
>> news:A2ABB7A8-EC99-43B0-B543-EAC668DD8CBA@microsoft.com...
>> > Hi,
>> > I want to know whether it is possible for Windows Server 2003 to log
>> > down
>> > command or action done on it. If yes, how to accomplish this. Thanks.
>> >
>> > SK
>>
>>
>>
 
S

SK

Hi Pidgorny,
Can you describe in more details on how to "running all the .exe files on
the current image" after enabling the audit logging? Thanks.

SK

"S. Pidgorny <MVP>" wrote:

> Audit log ons and running all the .exe files on the current image
>
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
> "SK" <SK@discussions.microsoft.com> wrote in message
> news:764783D4-7E95-46F0-8CD4-AEE28BE55A6C@microsoft.com...
> > Hi,
> > I want to log down any action both entering command or clicking via GUI
> > done
> > on the server, so that I can trace whether the server is being used by
> > someone unexpectedly. Thanks.
> >
> > SK
> >
> > "S. Pidgorny <MVP>" wrote:
> >
> >> That is virtually impossible on any OS. I think you can trace OS system
> >> calls but overwhelming amount of information will be more or less
> >> useless.
> >>
> >> What exactly are you trying to achieve?
> >>
> >> --
> >> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> >> -= F1 is the key =-
> >>
> >> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
> >>
> >> "SK" <SK@discussions.microsoft.com> wrote in message
> >> news:A2ABB7A8-EC99-43B0-B543-EAC668DD8CBA@microsoft.com...
> >> > Hi,
> >> > I want to know whether it is possible for Windows Server 2003 to log
> >> > down
> >> > command or action done on it. If yes, how to accomplish this. Thanks.
> >> >
> >> > SK
> >>
> >>
> >>
>
>
>
 
S

S. Pidgorny

Easy. Once the audit on the files is enabled, access to .exe files will be
audited. The information will include who runs what.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"SK" <SK@discussions.microsoft.com> wrote in message
news:C57E4902-759E-459E-92C5-AE83E9734423@microsoft.com...
> Hi Pidgorny,
> Can you describe in more details on how to "running all the .exe files on
> the current image" after enabling the audit logging? Thanks.
>
> SK
>
> "S. Pidgorny <MVP>" wrote:
>
>> Audit log ons and running all the .exe files on the current image
>>
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>
>> "SK" <SK@discussions.microsoft.com> wrote in message
>> news:764783D4-7E95-46F0-8CD4-AEE28BE55A6C@microsoft.com...
>> > Hi,
>> > I want to log down any action both entering command or clicking via GUI
>> > done
>> > on the server, so that I can trace whether the server is being used by
>> > someone unexpectedly. Thanks.
>> >
>> > SK
>> >
>> > "S. Pidgorny <MVP>" wrote:
>> >
>> >> That is virtually impossible on any OS. I think you can trace OS
>> >> system
>> >> calls but overwhelming amount of information will be more or less
>> >> useless.
>> >>
>> >> What exactly are you trying to achieve?
>> >>
>> >> --
>> >> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> >> -= F1 is the key =-
>> >>
>> >> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>> >>
>> >> "SK" <SK@discussions.microsoft.com> wrote in message
>> >> news:A2ABB7A8-EC99-43B0-B543-EAC668DD8CBA@microsoft.com...
>> >> > Hi,
>> >> > I want to know whether it is possible for Windows Server 2003 to log
>> >> > down
>> >> > command or action done on it. If yes, how to accomplish this.
>> >> > Thanks.
>> >> >
>> >> > SK
>> >>
>> >>
>> >>
>>
>>
>>
 
You must log in or register to reply here.

Similar threads

P
Shut down windows popup is showing up continuously.
Replies
0
Views
23
Praveen Nelakuditi
P
S
Hyper-V inaccessible except through Window Admin Center
Replies
0
Views
16
SkyBlue.88
S
F
Can I transfer or clone my window 11 pro installation from my SSD internal drive 1 to my second SSD internal drive 0?
Replies
0
Views
35
Fatcat Base
F
C
Where can I send windows event logs to fix an error?
Replies
0
Views
9
Cain Jenkins
C
D
SSH into Microsoft Linked Windows 11 account not working
Replies
0
Views
28
davidhj
D
Back
Top Bottom