Windows 2000 Server logs

0 pts.
Tags:
Access control
Application security
backdoors
Biometrics
Browsers
Compliance
configuration
CRM
Current threats
Database
DataCenter
Digital certificates
Disaster Recovery
Encryption
filtering
Firewalls
Forensics
Hacking
human factors
Identity & Access Management
Incident response
Instant Messaging
Intrusion management
Microsoft Exchange
Network security
patching
PEN testing
Platform Security
Policies
provisioning
Risk management
Secure Coding
Security
Security Program Management
Security tokens
Servers
Single sign-on
Spyware
SSL/TLS
Trojans
Viruses
VPN
vulnerability management
Web security
Wireless
worms
Hi All, Basically i want to monitor all the activities of my administrators. Is there any way I can find out all the activities on a Windows 2000 Server eg:- success / failure logs ,which users had logged on to a server , user creation time ,service stopped at what time, what scripts have been executed, what are the changes made in the group policy etc. A tool (licenced / free) will also suffice my requirement.
ASKED: September 1, 2005  6:17 AM
UPDATED: September 16, 2005  5:25 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

If you are looking for a covert way to monitor then you might want to look at a product called Track4Win. I’m not sure if it will do everything you want but I know you can get a free trial. There are probably a million other products that do the same thing out there, this is the one that I have come in contact with before.

Discuss This Question: 4  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Howard2nd
    A - Be sure the activities of interest are being monitored. By default only some actions are auditied, add those actions of interest. B - Server logs (especially 2000) can inundate you with information. Event viewer has filtering capabilities for view but poor for export/save of files. C - Microsoft knows this and has a 'FREE' tool called Log Parser (current vesion 2.2) comes with a comprehensive help (examples) and runs from the command line. Before going to 3rd party applications try these to see if it meets your needs. Good luck.
    30 pointsBadges:
    report
  • Dargandk
    It is a two edge sword, an Admin would normally have all the powers to remove the tracks. If he knows what he is doing. But there are few things, which can be done 1- Log everything system events + application logs +keyboard taps to another system. Which is not controlled by the same admin group. there are plenty of syslog applications, even free one . Although good key loggers would cost you . Keep the logging system, logically separate than windows environment. I would prefer a Linux machine 2- For system partition create image backup , incremental using software like Norton Ghost. It takes long time, but in case something does go wrong. You can bring another system back in few minutes and do the forensic checks Dharminder Dargan
    0 pointsBadges:
    report
  • Aquaticous
    Also, you may want to check out a few scripts from, http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx . There should be some good Admin scripts here that can create some logs for you without having to tweak every good setting within the MSC. This will simplify, plus create exactly what you want. Hope this helps!
    0 pointsBadges:
    report
  • Happyard
    Monitoring servers and users can be dangerous. Be aware not to jump to conclusions! I use SyslogServer (www.syslogserver.com) to monitor our servers. I cost $49 in a Small Business edition. It has an agent you can install on the monitored servers. It can post the entries in your event logs to a dedicated syslog server. It can also post entries from almost anykind of logfile. Best Ole
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following