RE: RWW Monitoring Active Sessions

From: Charles Yang [MSFT] (v-chayan_at_online.microsoft.com)
Date: 02/22/05


Date: Tue, 22 Feb 2005 10:01:40 GMT

Hi,
Thanks for your post.
 
From your description, I understand that you want to track the RWW users.
If I am off base, let me know.
 
Based on my research, if your users use RWW to log on to the network, there will
be the following event in the event logs.
 
EventID 680
Source: security
Category: Account Logon
 
In addition, event IDs 540, 552 and 576 will also be logged in the security
event logs.
 
With this information, you can see the users' logon times, but the source
computer will not be displayed, since the client computer uses IE to log on to
IIS pages. If you want to know more information about the IIS session, you
could use IIS logs.
 
1. Open the Internet Information Services (IIS) console <Server name>,
right-click "Default Web Site" and choose "Properties".
 
2. Under the "Web Site" tab, check the option "Enable Logging".
 
3. With "W3C Extended Log File Format", click "Properties".
 
4. Under "General Properties", make sure "Use local time for file
naming and rollover" is CHECKED.
 
5. Switch to "Extended Properties", and then select to enable
all the logging options.
 
6. Click OK to apply the modification.
 
7. By default, the log files are created in the
"%systemroot%\system32\logfiles\W3SVC1" folder.
 
You could view more information through log files.
 
More info:
 
1. In SBS today, we do audit failed and successful AD logons and RWW
logons are included here, but not currently distinguishable from other
logons. If you are concerned about password attacks, this is the right
place to look as these would not be limited to RWW. You could check the
event logs on clients to know when users log on and off if you are truly
concerned about knowing when people telecommute.
 
2. TS provides advanced auditing functionality that may be able to be
used here: Server Management->Advanced Management->Terminal Services
Configuration->Connections->Right click RDP-TCP->Properties->Permissions
tab->Advanced->Auditing tab->Add select a user from AD->OK-> Here you'll
see auditing you can perform around connections, etc.
 
3. You can update the RWW pages to run a script or write to the event
log each time someone logs in. For updating the RWW page, you may need to
develop it. However, we may consider this for the next version of SBS.
 
I am currently standing by for an update from you and would like to know
how things are going on your end. If you have any questions or concerns on
the recent information I've provided you, please don't hesitate to let me
know.
Charles Yang
Online Partner Support
Partner Support Group
Microsoft Global Technical Support Center
 Mailto: v-chayan@microsoft.com

Sincerely,

Charles Yang (MFST)

Microsoft Online Support Engineer

Get Secure! - www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader

so that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
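
Added example (not part of the original post and not Microsoft code): a small Python parser for the W3C Extended logs enabled in the steps above, summarising which user and client IP made requests to the RWW pages. The "/remote" path prefix, the page names, the CONTOSO accounts and the sample log lines are constructed assumptions; cs-username is only populated when IIS itself authenticated the request.

```python
# Constructed sample of an IIS W3C Extended log (illustrative, not from the post).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-02-22 09:58:01
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2005-02-22 09:58:01 203.0.113.7 - GET /Remote/logon.aspx 200
2005-02-22 09:58:20 203.0.113.7 CONTOSO\\alice GET /Remote/default.aspx 200
2005-02-22 10:01:40 203.0.113.7 CONTOSO\\alice GET /Remote/selectpc.aspx 200
2005-02-22 10:05:12 198.51.100.23 CONTOSO\\bob GET /Remote/default.aspx 200
2005-02-22 10:06:00 198.51.100.23 CONTOSO\\bob GET /exchange/ 200
"""


def rww_sessions(log_text, prefix="/remote"):
    """Return {(user, client_ip): [first_seen, last_seen, hits]} for
    requests whose cs-uri-stem starts with `prefix` (assumed RWW path)."""
    fields = []
    sessions = {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # IIS rewrites this header on restart, so columns can change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        row = dict(zip(fields, values))
        if not row.get("cs-uri-stem", "").lower().startswith(prefix):
            continue
        # "-" in cs-username means the request was anonymous.
        key = (row.get("cs-username", "-"), row.get("c-ip", "-"))
        # W3C log times are UTC; the "local time" option only affects
        # file naming and rollover, not the timestamps inside the file.
        stamp = f"{row.get('date', '')} {row.get('time', '')}"
        entry = sessions.setdefault(key, [stamp, stamp, 0])
        entry[1] = stamp
        entry[2] += 1
    return sessions


if __name__ == "__main__":
    for (user, ip), (first, last, hits) in rww_sessions(SAMPLE_LOG).items():
        print(f"{user:16} {ip:15} first={first} last={last} hits={hits}")
```

The timestamps can then be lined up with the Account Logon events in the security log to attach a source address to each logon.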


