RE: RWW Login
From: Brandy Nee [MSFT] (v-branee_at_online.microsoft.com)
Date: 03/23/05
- Next message: Crina Li: "RE: SBS Backup error"
- Previous message: tracy: "Sending messages using multiple domains."
- In reply to: List Subscriber: "RWW Login"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 23 Mar 2005 10:26:52 GMT
Hello there,
Thank you for posting to the SBS Newsgroup.
I understand that you want to know if there is any place to store the
Login/Logon RWW activities.
Actually there is no direct way for you to do that in SBS. If your users
use RWW to logon to network, there will be following event in the event
logs.
EventID 680
Source: security
Category: Account Logon
In addition, even ID 540, 552 and 576 will also be logged in to security
event logs.
With the information, you could know the users log time, but the source
computer will not be displayed since the client computer use IE to logon to
IIS pages. If you want to know more information about the IIS session, you
could use IIS logs.
1. Open Internet Information Services (IIS) console <Server name> right
click ''Default Web Site'' to choose ''Properties''.
2. Under the ''Web Site'' tab, check the option ''Enable Logging''.
3. With ''W3C Extended Log File Format'', click ''Properties''.
4. Under ''General Properties'', make sure ''Use local time for file naming
and rollover'' is CHECKED.
5. Switch to the ''Extended Properties'', and then select to enable All the
logging Options.
6. Click OK to apply the modification.
7. By Default, the log files are created in the
''%systemroot%\system32\logfiles\W3SVC1'' folder. You could view more
information through log files.
More info:
1. In SBS, we do audit failed and successful AD logons and RWW logons are
included here, but not currently distinguishable from other logons. If you
are concerned about password attacks, this is the right place to look as
these would not be limited to RWW. You could check the event logs on
clients to know when users log on and off if you are truly concerned about
knowing when people telecommute.
2. TS provides advanced auditing functionality that may be able to be used
here: Server Management->Advanced Management->Terminal Services
Configuration->Connections->Right click RDP-TCP->Properties->Permissions
tab->Advanced->Auditing tab->Add select a user from AD->OK-> Here you'll
see auditing you can perform around connections, etc.
3. You can update the RWW pages to run a script or write to the event log
each time someone logs in. For updating the RWW page, you may need to
develop it. However, we may consider this for the next version of SBS.
Hope this information answers your question, if there is anything unclear
or you need any further assistance, I welcome you to post back.
Best Regards
Best regards,
Brandy Nee
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
- Next message: Crina Li: "RE: SBS Backup error"
- Previous message: tracy: "Sending messages using multiple domains."
- In reply to: List Subscriber: "RWW Login"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
