User Account Privilege Record

Lagomorph

Distinguished
Mar 18, 2011
35
0
18,540
Hello all,

I have recently been asked by a friend how I would see a history of privilege changes on a Windows XP user account.
I did not know the answer, and so decided to ask the experts on this forum.

Thanks In Advance,
Dan
 
Solution
You use Event Manager to view the logs. I'm not sure if a non-Administrative user can view the Security Log.

But if it was a .bat file running upon admin logon he wouldn't have to be on the computer at the time, so that proves nothing. On the other hand, he'd have had to already have Admin privileges to make such a file.
Why does he want to know? Surely the Administrator of the PC knows what changes he has made to an account. If it's a matter of forensics, someone who had Administrator privileges would have been able to erase any record of changes, so there is no definitive answer.

I may be overly suspicious, but this smells like a homework question to me.
 

Lagomorph

All I want to know is whether Windows XP has a record of privilege changes, and if so, can this record be accessed? This is a matter of forensics, because someone changed his user account privileges, and now he has to prove that he didn't do it.
 
You could check the Windows Security Event Log, but that's about it. Anyone with enough knowledge to change account privileges will have surely had enough sense to erase that.

I'd have thought the onus was on the accusers to prove that he did change his account, not the other way round.
 

Lagomorph

Yes, he would have had to log in to an admin account. But the administration is accusing him of making a .bat file run automatically upon admin login. I am trying to prove that his account was changed at a time when he was not on the computers.
 
You use Event Manager to view the logs. I'm not sure if a non-Administrative user can view the Security Log.

But if it was a .bat file running upon admin logon he wouldn't have to be on the computer at the time, so that proves nothing. On the other hand, he'd have had to already have Admin privileges to make such a file.
 
Solution
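The Security log check discussed in this thread, as an added example that is not part of any post: a PowerShell sketch that pulls account and group change events into a timeline and reports whether the log was cleared. It assumes PowerShell is installed on the XP machine, the session is run as an Administrator, and "Audit account management" was enabled before the change (XP does not audit this by default); the event IDs are the pre-Vista numbers.

```powershell
# Added example, not from the thread. Pre-Vista Security event IDs of interest.
$ids = @{
    517 = 'Audit log cleared'
    612 = 'Audit policy changed'
    624 = 'User account created'
    632 = 'Member added to global group'
    636 = 'Member added to local group'
    637 = 'Member removed from local group'
    642 = 'User account changed'
}

# Reading the Security log requires administrative rights.
$all = @(Get-EventLog -LogName Security)
if ($all.Count -eq 0) {
    Write-Output 'Security log is empty: auditing was off or the log was cleared.'
    return
}

# The oldest surviving record bounds how far back the log can testify.
$oldest = $all | Sort-Object TimeGenerated | Select-Object -First 1
Write-Output ("Oldest surviving record: {0}" -f $oldest.TimeGenerated)

# Keep only account-management and log-tampering events, oldest first.
$hits = @($all | Where-Object { $ids.ContainsKey([int]$_.EventID) } |
    Sort-Object TimeGenerated)

if ($hits.Count -eq 0) {
    Write-Output 'No account or group change events recorded.'
    return
}

$hits | Select-Object TimeGenerated, EventID,
        @{ Name = 'Meaning'; Expression = { $ids[[int]$_.EventID] } },
        UserName |
    Format-Table -AutoSize

# A 517 record means earlier history was erased; note who cleared it and when.
$cleared = @($hits | Where-Object { $_.EventID -eq 517 })
if ($cleared.Count -gt 0) {
    Write-Output ("Log cleared {0} time(s); last at {1}" -f `
        $cleared.Count, $cleared[-1].TimeGenerated)
}
```

An empty result does not show that no change happened, only that nothing was recorded or that the records were removed.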