1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Security Auditing

Discussion in 'Windows Home Server' started by Willis, Oct 23, 2009.

  1. Willis

    Willis Guest

    Hello,

    Does anyone here have any good suggestions for security auditing in a SMB
    Server 2003 environment?

    We need a record of every time a user logins, logouts or unlocks windows xp
    on their local computer and preferably a central location to manage these
    records.

    I've been trying to use the DC security log to monitor events but it is so
    tedious sorting through object and login events by every program and user
    and it doesn't log when the user unlocks their windows session. It also
    fills up extrememly fast. We get barely get 20 hours with a 32MB file.
    There has to be a better way to manage these without spending a ton of money
    on a 3rd party event manager, right?

    Any help is appreciated.

    Thanks,
    Andrew
     
    Willis, Oct 23, 2009
    #1
  3. PA Bear [MS MVP]

    PA Bear [MS MVP] Guest

    [Crosspost much?]

    Willis wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
    > Hello,
    >
    > Does anyone here have any good suggestions for security auditing in a SMB
    > Server 2003 environment?
    >
    > We need a record of every time a user logins, logouts or unlocks windows
    > xp
    > on their local computer and preferably a central location to manage these
    > records.
    >
    > I've been trying to use the DC security log to monitor events but it is so
    > tedious sorting through object and login events by every program and user
    > and it doesn't log when the user unlocks their windows session. It also
    > fills up extrememly fast. We get barely get 20 hours with a 32MB file.
    > There has to be a better way to manage these without spending a ton of
    > money
    > on a 3rd party event manager, right?
    >
    > Any help is appreciated.
    >
    > Thanks,
    > Andrew <!--colorc--><!--/colorc-->
     
    PA Bear [MS MVP], Oct 23, 2009
    #2
  4. PA Bear [MS MVP]

    PA Bear [MS MVP] Guest

    [Pointless & excessive crossposting eliminated]

    Got Google?

    cf.

    cf.



    Willis wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
    > Hello,
    >
    > Does anyone here have any good suggestions for security auditing in a SMB
    > Server 2003 environment?
    >
    > We need a record of every time a user logins, logouts or unlocks windows
    > xp
    > on their local computer and preferably a central location to manage these
    > records.
    >
    > I've been trying to use the DC security log to monitor events but it is so
    > tedious sorting through object and login events by every program and user
    > and it doesn't log when the user unlocks their windows session. It also
    > fills up extrememly fast. We get barely get 20 hours with a 32MB file.
    > There has to be a better way to manage these without spending a ton of
    > money
    > on a 3rd party event manager, right?
    >
    > Any help is appreciated.
    >
    > Thanks,
    > Andrew <!--colorc--><!--/colorc-->
     
    PA Bear [MS MVP], Oct 23, 2009
    #3

Share This Page