What specific place is he looking to gain access to? If you know the location, and it's a file system location, then add file-level auditing for that account into your reconnaissance.
If you don't know where he's going or what access he's trying to get, then sniffing is really the best approach. As for alerts, that will depend on what software you use to monitor your Event Logs.

- ASB
  Cheap, Fast, Secure -- Pick Any TWO.
  http://www.ultratech-llc.com/KB/

On Mon, 25 Oct 2004 08:00:53 -0700, Mike Hogenauer <[EMAIL PROTECTED]> wrote:
> So I have a user who I think is trying to gain access to places he's not
> supposed to be, I'm looking for a good way to audit this account, I have
> auditing enabled on account and object access and I view all my security
> logs but I'm really trying to target one user account in particular and get
> a good detail report.
>
> Does anyone have any good suggestions on how I can monitor and even get
> alerts on one account whenever it does anything on the network, without
> having to sniff packets and watch ports?
>
> Thanks!
>
> Mike
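
One way to pull a per-account report out of the Security log once account and object-access auditing are enabled, as an added example that is not part of the original thread. It assumes a current Windows system with PowerShell and the modern event IDs (4624, 4625, 4656, 4663, 5140, 5145); the account name `jdoe`, the 24-hour window and the output path are placeholders.

```powershell
# Added example: report Security-log activity for one account.
# Run elevated on the server (or DC) whose Security log holds the audit events.
# Assumptions, not from the thread: account name, look-back window, event ID set.
$Account  = 'jdoe'                      # hypothetical sAMAccountName to watch
$Since    = (Get-Date).AddHours(-24)
$EventIds = 4624, 4625, 4656, 4663, 5140, 5145   # logon ok/fail, object access, share access

$filter = @{ LogName = 'Security'; Id = $EventIds; StartTime = $Since }

# Get-WinEvent raises an error when nothing matches, so treat that as an empty result.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$hits = foreach ($evt in $events) {
    # Flatten <EventData><Data Name="...">value</Data> into a lookup table.
    $xml  = [xml]$evt.ToXml()
    $data = @{}
    foreach ($node in $xml.Event.EventData.Data) {
        if ($node.Name) { $data[$node.Name] = $node.'#text' }
    }

    # Logon events name the account in TargetUserName, object and share
    # access events name it in SubjectUserName, so check both.
    if ($data['SubjectUserName'] -ne $Account -and
        $data['TargetUserName']  -ne $Account) { continue }

    # Object access events carry ObjectName, share events carry ShareName.
    $target = if ($data['ObjectName']) { $data['ObjectName'] } else { $data['ShareName'] }

    [pscustomobject]@{
        Time     = $evt.TimeCreated
        EventId  = $evt.Id
        Computer = $evt.MachineName
        Target   = $target
        SourceIp = $data['IpAddress']
        Process  = $data['ProcessName']
    }
}

# Per-event detail for the report, plus a count per event ID as a quick summary.
$hits | Sort-Object Time | Export-Csv -Path .\account-audit.csv -NoTypeInformation
$hits | Group-Object EventId | Select-Object Name, Count | Format-Table -AutoSize
```

Events 4656 and 4663 only appear for files and folders that have an audit entry (SACL) covering the account, which is the file-level auditing step mentioned in the reply.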
