Security Auditing [message #295930] Fri, 23 October 2009 12:05
Willis
Hello,

Does anyone here have any good suggestions for security auditing in an SMB
Server 2003 environment?

We need a record of every time a user logs in, logs out or unlocks Windows XP
on their local computer and preferably a central location to manage these
records.

I've been trying to use the DC security log to monitor events, but it is so
tedious sorting through object and login events by every program and user,
and it doesn't log when the user unlocks their Windows session. It also
fills up extremely fast. We barely get 20 hours with a 32MB file.
There has to be a better way to manage these without spending a ton of money
on a 3rd party event manager, right?

Any help is appreciated.

Thanks,
Andrew
Re: Security Auditing [message #296059 is a reply to message #295930] Fri, 23 October 2009 13:29
PABearMVP
[Crosspost much?]
Re: Security Auditing [message #298295 is a reply to message #295930] Mon, 26 October 2009 06:22
pbbergs
If you are looking at the growth on the DC and you have a lot of clients,
that growth is relatively normal. We ended up purchasing a third-party
product and outputting it to a SQL Server DB that stays at about 8 GB for 30
days of logs. The third-party product does allow us to pare back which logs
we save but we just keep them all. We use Event Sentry.

You can log the activity on a single machine but unless you are interested
in a specific machine this would be a bad idea.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup. This
posting is provided "AS IS" with no warranties, and confers no rights.