Re: RWW Monitoring

From: Les Connor [SBS Community Member - SBS MVP] (les.connor_at_DEL.cfive.ca)
Date: 02/25/05


Date: Fri, 25 Feb 2005 10:28:34 -0600

Here's something posted by Supergumby that might work for you.

<snip>
I recently implemented logon/logoff scripts via GP

------logon.cmd----
echo logon %username% %computername% %date% %time% >> \\sbs\share\logon.log

-----logoff.cmd-----
echo logoff %username% %computername% %date% %time% >> \\sbs\share\logon.log

---give me a logon.log like----
logon June VSXP Tue 22/02/2005 10:39:51.12
logoff June VSXP Tue 22/02/2005 10:41:08.45
logon MickM VSXP Tue 22/02/2005 10:42:01.07
logoff MickM VSXP Tue 22/02/2005 10:42:46.81

-- 
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Adam" <Adam@discussions.microsoft.com> wrote in message 
news:050C0D88-9674-4595-8D57-600155E3A59D@microsoft.com...
> Charles,
>
> Thank you for the very complete answer, but given the gaping entrance into a
> network (albeit useful) the openness of RWW, and the potential breach that
> could ensue, you would think that someone or Microsoft would have set up a
> more complete reporting - monitoring tool. You have given me a solution, but
> a very painful solution. As a business owner I want to know who is on my
> network after hours. As a hardware/software integrator, I need to let my
> customers feel secure.
>
> The server usage report is insulting, it gives you a taste that something
> might be wrong and that is it. In your scenario, one must jump up, spin
> around, hop twice and spank the dog to find an answer.
>
> Awaiting your response,
> Adam Cole
>
>
> ""Charles Yang [MSFT]"" wrote:
>
>> Hi Adam,
>>
>> I am happy to hear from you.
>>
>> According to your description, I understand that you want to know if there
>> are some reports that can include the RWW information and OWA during a
>> specific period. If I misunderstand you, please let me know.
>>
>> Based on my research, OWA usage can be got from Server Usage Report, you
>> can find the information in IIS log, for RWW usage there is no direct way
>> to get it. If your users use RWW to logon to network, there will be the
>> following event in the event logs.
>>
>> EventID 680
>> Source: security
>> Category: Account Logon
>>
>> In addition, event IDs 540, 552 and 576 will also be logged in to security
>> event logs.
>>
>> With the information, you could know the users log time, but the source
>> computer will not be displayed since the client computer uses IE to logon to
>> IIS pages. If you want to know more information about the IIS session, you
>> could use IIS logs.
>>
>> 1.       Open Internet Information Services (IIS) console <Server name>
>> right click ''Default Web Site'' to choose ''Properties''.
>>
>> 2.       Under the ''Web Site'' tab, check the option ''Enable Logging''.
>>
>> 3.       With ''W3C Extended Log File Format'', click ''Properties''.
>>
>> 4.       Under ''General Properties'', make sure ''Use local time for file
>> naming and rollover'' is CHECKED.
>>
>> 5.       Switch to the ''Extended Properties'', and then select to enable
>> All the logging Options.
>>
>> 6.       Click OK to apply the modification.
>>
>> 7.       By Default, the log files are created in the
>> ''%systemroot%\system32\logfiles\W3SVC1'' folder.
>>
>> You could view more information through log files.
>>
>>
>> More info:
>>
>> 1. In SBS today, we do audit failed and successful AD logons and RWW logons
>> are included here, but not currently distinguishable from other logons. If
>> you are concerned about password attacks, this is the right place to look
>> as these would not be limited to RWW. You could check the event logs on
>> clients to know when users log on and off if you are truly concerned about
>> knowing when people telecommute.
>>
>> 2. TS provides advanced auditing functionality that may be able to be used
>> here: Server Management->Advanced Management->Terminal Services
>> Configuration->Connections->Right click RDP-TCP->Properties->Permissions
>> tab->Advanced->Auditing tab->Add select a user from AD->OK-> Here you'll
>> see auditing you can perform around connections, etc.
>>
>> 3. You can update the RWW pages to run a script or write to the event log
>> each time someone logs in. For updating the RWW page, you may need to
>> develop it. However, we may consider this for the next version of SBS.
>>
>> I am currently standing by for an update from you and would like to know
>> how things are going on your end. If you have any questions or concerns on
>> the recent information I've provided you, please don't hesitate to let me
>> know.
>>
>>
>> Charles Yang
>> Online Partner Support
>> Partner Support Group
>> Microsoft Global Technical Support Center
>>  Mailto: v-chayan@microsoft.com
>>
>> Sincerely,
>>
>> Charles Yang (MFST)
>>
>> Microsoft Online Support Engineer
>>
>> Get Secure! - www.microsoft.com/security
>> ====================================================
>> When responding to posts, please "Reply to Group" via your newsreader
>>
>> so that others may learn and benefit from your issue.
>> ====================================================
>> This posting is provided "AS IS" with no warranties, and confers no rights.
>>
>> 
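
Added example, not part of the original thread or anyone's posted code: a Python script that reads the logon.log written by the logon.cmd/logoff.cmd scripts above, pairs each logon with its logoff, and returns the sessions that closed, the ones with no logoff recorded, and the lines it could not parse. The business hours, the dd/mm/yyyy %date% layout, and the "Pat" and malformed sample lines are assumptions made for the example.

```python
from datetime import datetime, time

# First four lines are the logon.log excerpt from the post; the "Pat" entry
# and the malformed last line are constructed for this example.
SAMPLE = """\
logon June VSXP Tue 22/02/2005 10:39:51.12
logoff June VSXP Tue 22/02/2005 10:41:08.45
logon MickM VSXP Tue 22/02/2005 10:42:01.07
logoff MickM VSXP Tue 22/02/2005 10:42:46.81
logon Pat VSXP Tue 22/02/2005 23:05:10.30
truncated entr
"""
WORK_START, WORK_END = time(8, 0), time(18, 0)  # assumed business hours

def parse_line(line):
    """Return (action, user, computer, timestamp), or None if malformed."""
    parts = line.split()
    if len(parts) < 6 or parts[0] not in ("logon", "logoff"):
        return None
    # Split from the right so a user name containing spaces stays intact.
    *user, computer, _day, date_s, time_s = parts[1:]
    try:  # assumes the dd/mm/yyyy %date% layout shown in the post
        ts = datetime.strptime(date_s + " " + time_s, "%d/%m/%Y %H:%M:%S.%f")
    except ValueError:
        return None
    return parts[0], " ".join(user), computer, ts

def after_hours(ts):
    return ts.weekday() >= 5 or not (WORK_START <= ts.time() < WORK_END)

def sessions(text):
    """Pair each logon with the next logoff by the same user on the same PC."""
    pending, closed, bad = {}, [], []
    for n, line in enumerate(text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            bad.append(n)  # keep the line number so odd entries get reviewed
            continue
        action, user, computer, ts = rec
        key = (user.lower(), computer.lower())
        if action == "logon":
            pending[key] = (user, computer, ts)
        elif key in pending:  # a logoff with no matching logon is ignored
            closed.append(pending.pop(key) + (ts,))
    return closed, list(pending.values()), bad

if __name__ == "__main__":
    closed, still_open, bad = sessions(SAMPLE)
    print(closed, still_open, bad, sep="\n")
```

Every user's script appends to \\sbs\share\logon.log, so every user can also write to that file. The Security event log entries Charles lists are the record to rely on when the answer matters.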

