Hi,
In my organisation we have implemented dual user accounts for IT
administrators - a non-admin account for logging on and normal use,
and a system admin account for RDP'ing onto servers, accessing network
resources etc.
Ideally the system admin accounts should only ever be used on
workstations via the RunAs command.
Is there a way of monitoring this to ensure that no-one is logging on
locally using a sys admin account?
I have tried using Security Audit Event Logs but they class both local
logon and RunAs as 'Interactive Logon', so I cannot distinguish which
is which.
The only other idea I have is to attach a login script that will
somehow check if there is already a currently logged in user, which
would indicate that the sys admin account is being accessed via runas,
but I am unsure of the best way to implement this.
Many thanks.
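
One way to separate the two cases from exported logon events, as an added example that is not part of the original post. It assumes each record carries the logon process name, that RunAs logons report `seclogo` (the Secondary Logon service) while console logons report `User32`, and that sys admin accounts share a hypothetical `-adm` suffix; the sample records are constructed, so check the values against events from your own hosts.

```python
# Added example: classify interactive (type 2) logons made by admin accounts.
# Assumptions: field names follow the Security log's logon event data;
# "seclogo" marks the Secondary Logon service (RunAs), "User32" a console logon.

ADMIN_SUFFIX = "-adm"  # hypothetical naming convention for sys admin accounts

# Constructed sample records, not taken from a real host.
SAMPLE_EVENTS = [
    {"TargetUserName": "jsmith", "LogonType": "2",
     "LogonProcessName": "User32 ", "WorkstationName": "WS-014"},
    {"TargetUserName": "jsmith-adm", "LogonType": "2",
     "LogonProcessName": "seclogo", "WorkstationName": "WS-014"},
    {"TargetUserName": "bjones-adm", "LogonType": "2",
     "LogonProcessName": "User32 ", "WorkstationName": "WS-027"},
    {"TargetUserName": "bjones-adm", "LogonType": "10",
     "LogonProcessName": "User32 ", "WorkstationName": "SRV-DB01"},
    {"TargetUserName": "KLEE-ADM", "LogonType": "2",
     "LogonProcessName": "Advapi  ", "WorkstationName": "WS-031"},
]


def classify(event):
    """Return 'ignore', 'runas', 'local' or 'review' for one logon record."""
    user = event.get("TargetUserName", "").lower()
    if not user.endswith(ADMIN_SUFFIX) or event.get("LogonType") != "2":
        return "ignore"   # not an admin account, or not an interactive logon
    # The log pads this field with spaces, so normalise before comparing.
    process = event.get("LogonProcessName", "").strip().lower()
    if process == "seclogo":
        return "runas"    # started inside another user's existing session
    if process == "user32":
        return "local"    # logged on at the console: the case to alert on
    return "review"       # unexpected logon process: check by hand


def local_admin_logons(events):
    """List (user, workstation) pairs where an admin account logged on locally."""
    return [(e["TargetUserName"], e["WorkstationName"])
            for e in events if classify(e) == "local"]


if __name__ == "__main__":
    for user, host in local_admin_logons(SAMPLE_EVENTS):
        print(f"ALERT: {user} logged on locally at {host}")
```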