Logon Audit Issue

Toggle sidebar Toggle sidebar
J

Jordan

Distinguished
Apr 7, 2004
406
0
18,780
Archived from groups: microsoft.public.win2000.security (More info?)

I have spent a couple hours searching for an answer I
have yet to find. I currently work on a Windows 2000
Server that audits all Login attempts to each individual
PC on our network. We recently had a computer crash and
I wanted to review our latest users, but found that I can
only access the audit files if I am able to connect to
that PC. Since the PC crashed and the hard drive is
shot, this is impossible.

My question is how can I take those audit files and have
them send the information to an "off-shore" computer
(aka, the Windows 2000 Server) so that I can view the
files remotely.

To all potential responders, please note that I have
tried the Console approach, but it will not let me Audit
from the Server.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

I think you are looking for this.
Microsoft Audit Collection System (MACS) is a fast and secure collection of
security events across servers to central SQL database. This provides
real-time intrusion detection from collector or as-need reporting from
databases, which can be queried using any SQL based tools. Currently in
Beta.
http://download.microsoft.com/documents/australia/WINDOWS/MACSOverview.doc

The name of it has also changed since this doc was released...I believe it
is now called ACS instead of MACS.

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

If they can email you the .evt files or you can copy them to your computer, you
should be able to view them on your computer. Otherwise you may be able to use a tool
such as Ntlast from FoundStone to read saved .evt files.

http://www.foundstone.com/?subnav=resources/navigation.htm&subcontent=/resources/proddesc/ntlast.htm

To use Ntlast remotely, it could be installed on a remote computer and then you could
use psexec from SysInternals to execute it remotely from your computer to view the
..evt files. --- Steve

http://www.sysinternals.com/ntw2k/freeware/psexec.shtml

"Jordan" <Parker402@hillcrestfd.org> wrote in message
news:2a11b01c46634$b0bac820$a501280a@phx.gbl...
> I have spent a couple hours searching for an answer I
> have yet to find. I currently work on a Windows 2000
> Server that audits all Login attempts to each individual
> PC on our network. We recently had a computer crash and
> I wanted to review our latest users, but found that I can
> only access the audit files if I am able to connect to
> that PC. Since the PC crashed and the hard drive is
> shot, this is impossible.
>
> My question is how can I take those audit files and have
> them send the information to an "off-shore" computer
> (aka, the Windows 2000 Server) so that I can view the
> files remotely.
>
> To all potential responders, please note that I have
> tried the Console approach, but it will not let me Audit
> from the Server.
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom