There is reason to suspect that someone is improperly accessing PC's remotely and may have somehting set as to where we cannot audit what we need to. I need to find out of this is true in the next 30 minutes. I think I did though. Security policies for all logon/logoff policies have been turned off, which is why nothing was being logged. Looks as though this was done on multiple workstations.
>From: Martin Blackstone <[EMAIL PROTECTED]> >Reply-To: "NT 2000 Discussions" <[EMAIL PROTECTED]> >To: "NT 2000 Discussions" <[EMAIL PROTECTED]> >Subject: RE: Security Auditing -- URGENT >Date: Wed, 6 Feb 2002 06:20:06 -0800 > >What is so URGENT about this? Is your network down? Users cant connect? >Data >lost? What???? > >-----Original Message----- >From: Paul Timmerman [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, February 06, 2002 5:56 AM >To: NT 2000 Discussions >Subject: Security Auditing -- URGENT > > >I have a Win2K pro workstation. My security event log is setup to monitor >everything, including success and failure logons. I then test it by trying >to logon with credentials I know are false. However, NOTHING shows up in >the security log. Is there any reason for this to happen? Is there some >other way I can test this? > >_________________________________________________________________ >Join the world's largest e-mail service with MSN Hotmail. >http://www.hotmail.com > > >------ >You are subscribed as [EMAIL PROTECTED] >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe send a blank email to [EMAIL PROTECTED] > >------ >You are subscribed as [EMAIL PROTECTED] >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe send a blank email to [EMAIL PROTECTED] _________________________________________________________________ Join the world�s largest e-mail service with MSN Hotmail. http://www.hotmail.com ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
