Re: Security audit file shows users continually loggin on and off
- From: EllEff <EllEff@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 23 Jun 2007 14:28:03 -0700
Herb,
Thanks for the quick reply.
What wories me is that at all hours I am seeing users (at least their
machines) logging in and out of the server. This is not IUSR_machinename for
IIS, but just the standard everyday user.
Reading between the lines, it seems like this may not be a big deal? Over
the course of a month I'll see 20K entries in the audit file, and this is for
a small office of maybe 10 users.
If users say logged on forever, would the workstations "check in" with the
server periodically, or once they are authenticated and that's it and no more
checking in with the mother ship?
Would running Spybot Search & Destroy (or something else) on the server help
see if there is some internal attack happening?
Sorry if I'm asking so many questions, just trying to learn.
Thanks for your help!
Lee
"Herb Martin" wrote:
.
"EllEff" <EllEff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AAA5B9CA-0F2C-425A-84B3-506FE428F351@xxxxxxxxxxxxxxxx
Hi,
I'm new at this AD stuff so bear with me.
I noticed in the security log file that I have entries of users loggin on
and off at all hours of the day and night. My security log file now has
over
20,000 entries. This does not seem correct to me. Or am I wrong? I am
now
seeing the Administrator logging on and off as well and this troubles me.
When the users go home at night they leave their workstations (XP Pro)
running and they don't log out. Is this some of the problem or is it
bigger
than just this.
Might be a batch or TS automatic reconnection.
Might be as simple as a network problem causing them to re-authenticated
when they have trouble reconnecting automatically to some share or
something.
Is this a "regular user" or something like IUSR_machinenam for IIS?
You say 20K entries -- over what period of time? If this is weeks worth
then
just clear (maybe archive first) the logs but if this is DAILY you can't see
the
forest for the trees (true attacks on your network) so you have to resolve
it.
I consider it perfectly normal for users to stay logged on, forever.
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
- Follow-Ups:
- Re: Security audit file shows users continually loggin on and off
- From: Herb Martin
- Re: Security audit file shows users continually loggin on and off
- References:
- Re: Security audit file shows users continually loggin on and off
- From: Herb Martin
- Re: Security audit file shows users continually loggin on and off
- Prev by Date: Re: Security audit file shows users continually loggin on and off
- Next by Date: RE: I can't start new master DC, help
- Previous by thread: Re: Security audit file shows users continually loggin on and off
- Next by thread: Re: Security audit file shows users continually loggin on and off
- Index(es):
Relevant Pages
|
