Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Logon Audit Issue

Logon Audit Issue

Forum Windows 2000/NT : Windows 2000/NT General Discussion - Logon Audit Issue

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!

Ask the community Add a reply

Bottom Search this thread

Archived from groups: microsoft.public.win2000.security (More info?)

I have spent a couple hours searching for an answer I
have yet to find. I currently work on a Windows 2000
Server that audits all Login attempts to each individual
PC on our network. We recently had a computer crash and
I wanted to review our latest users, but found that I can
only access the audit files if I am able to connect to
that PC. Since the PC crashed and the hard drive is
shot, this is impossible.

My question is how can I take those audit files and have
them send the information to an "off-shore" computer
(aka, the Windows 2000 Server) so that I can view the
files remotely.

To all potential responders, please note that I have
tried the Console approach, but it will not let me Audit
from the Server.

Add a reply

Archived from groups: microsoft.public.win2000.security (More info?)

I think you are looking for this.
Microsoft Audit Collection System (MACS) is a fast and secure collection of
security events across servers to central SQL database. This provides
real-time intrusion detection from collector or as-need reporting from
databases, which can be queried using any SQL based tools. Currently in
Beta.
http://download.microsoft.com/docu [...] erview.doc

The name of it has also changed since this doc was released...I believe it
is now called ACS instead of MACS.

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

Reply to Anonymous

Archived from groups: microsoft.public.win2000.security (More info?)

If they can email you the .evt files or you can copy them to your computer, you
should be able to view them on your computer. Otherwise you may be able to use a tool
such as Ntlast from FoundStone to read saved .evt files.

http://www.foundstone.com/?subnav= [...] ntlast.htm

To use Ntlast remotely, it could be installed on a remote computer and then you could
use psexec from SysInternals to execute it remotely from your computer to view the
..evt files. --- Steve

http://www.sysinternals.com/ntw2k/ [...] exec.shtml

"Jordan" <Parker402@hillcrestfd.org> wrote in message
news:2a11b01c46634$b0bac820$a501280a@phx.gbl...
> I have spent a couple hours searching for an answer I
> have yet to find. I currently work on a Windows 2000
> Server that audits all Login attempts to each individual
> PC on our network. We recently had a computer crash and
> I wanted to review our latest users, but found that I can
> only access the audit files if I am able to connect to
> that PC. Since the PC crashed and the hard drive is
> shot, this is impossible.
>
> My question is how can I take those audit files and have
> them send the information to an "off-shore" computer
> (aka, the Windows 2000 Server) so that I can view the
> files remotely.
>
> To all potential responders, please note that I have
> tried the Console approach, but it will not let me Audit
> from the Server.

Reply to Anonymous

Ask the community Add a reply

Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Logon Audit Issue

Go to:

Help |
Forum rules

There are 838 identified and unidentified users. To see the list of identified users, Click here.

Page generated in 0.269 seconds

Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel

Focus On

Logon Audit Issue

Forum Windows 2000/NT : Windows 2000/NT General Discussion - Logon Audit Issue

Please mind