Re: Getting a list of logged on users and hosts

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Eugene Gershnik (gershnik_at_hotmail.com)
Date: 04/02/04 

Date: Thu, 1 Apr 2004 21:12:22 -0800

Slava M. Usov wrote:
> "Eugene Gershnik" <gershnik@hotmail.com> wrote in message
> news:Og8GhD9FEHA.3032@TK2MSFTNGP09.phx.gbl...
>
>> Come on, you know that any decent log system doesn't just truncate
>> but also keeps a backlog. ;-)
>
> Well, then the standard event log is not decent at all.

It isn't. Why do you think all MS servers write into log files in
System32/LogFiles? Event log is just a message box replacement for services.

>> Today either by reading the event log or by hooking. I once worked
>> on a project that did exactly that.
>
> That still does not solve the problem in the general case -- when
> it is simply not there. That was your original point, and I agree,
> but I disagree that it is a limitation -- simply because the host
> name is a not a universal attribute.

I guess our only disagreement is about the relative importance of the host
name.

>> Precisely. There is no universal way to add arbitrary data to a
>> logon session or to read it from there. Which is a problem IMHO.
>
> Perhaps. But then it is not a "host name" problem, don't you agree?

Completely. The host name is just one of the most frequently encountered
examples of it.

>>> Right, so the fingerprint, retina scans must never be visible
>>> outside. I don't know about you, but I sense a logical problem
>>> here.
>>
>> Why?
>
> You had three categories of logon data, which had to be mutually
> exclusive -- because you accused me of lumping all together :-) --
> but they were not.

They are mutually exclusive. Credentials are a subset of static attributes
with additional restrictions placed on them. So if in my domain retina scans
are stored just for fun they are a static attribute. If they are used to
authenticate me they are a credential and no code (including TCB code) has
no business accessing it. 

--
Eugene

Relevant Pages

  • Re: Getting a list of logged on users and hosts
    ... you know that any decent log system doesn't just truncate ... Event log is just a message box replacement for services. ... Credentials are a subset of static attributes ... authenticate me they are a credential and no code (including TCB code) has ...
    (microsoft.public.win32.programmer.kernel)
  • RE: eventlog machinename
    ... you can dim up an event log with the machine name and if the credentials of the user running your code can access the ... eventlog of that machine, it will just work. ... >could not understand how to provide the credentials for the remote machine. ...
    (microsoft.public.dotnet.languages.vb)
  • RE: VB6 DLL can not write to event logs in IIS 6.0
    ... >¡°The web site is setup to not allow anonymous access. ... that the process runs under the credentials of the user who is accessing ... the event log still can not be written successfully if you use ...
    (microsoft.public.inetserver.iis.security)
  • Re: Help with event viewer errors / warnings
    ... rebooting with credentials entered. ... is also polluting the event log with an error. ... Installation Failure: Windows failed to install the following update ... I don't believe this to be related to the credentials I entered since ...
    (microsoft.public.windows.server.dns)
  • Re: run -> unc server name (just one particualar one) -> "extended error has ocurred"
    ... I saw an event id 14 Kerberos warning in the event log. ... really pay that much attention to it, because it didn't really pop up ... and sure enough there was an entry there for my misbehaving server. ... removed it and then it asked me for my credentials, ...
    (microsoft.public.windows.server.general)