Re: aduiting user acount

gokhanbeler <gokhanbeler@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> I got 3 domain controllers in our domain. I configured audit policy
> settings for user account events. When I review corresponding user
> events in security logs on either of domain controllers. I have to
> check out security logs of all domain controllers. This method is
> very time-consuming and not successful. What exactly I need to do is
> to learn why specific user's account is locked sometimes. which
> process lock out this user's account. How to monitor this user's
> activities.
> My suggestion: Just auditting his own computer could not be good idea.
> Because this user account may run the service on another computer
> which I don't know.
> If this is the case How can I find out?
> System administrators, please help
>
> I would be grateful...

Do you have auditing turned on in the security log?
When a client connects to a DC to authenticate, it will create an entry in
the security log, giving the IP of the client.
I would first suspect a scheduled task with the wrong passoword, but it
could also be a saved in the Advanced tab of user accounts in XP. (Click the
manage passwords button)


--?
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================


.

Loading