Hi James, Thank you. I will try the task scheduler for alert. But my issue now is, I am not getting the event id 4625 logged in security event log. I have applied my GPO to default domain policy. Any clue?
Regards Liby Philip Mathew | Principal Systems Administrator ICT Professional Services Path Solutions Tel: +965 24824600 Ext. 703 Fax: +965 24824500 www.path-solutions.com<http://www.path-solutions.com/> [fiveLogos] From: [email protected] [mailto:[email protected]] On Behalf Of James Hill Sent: Thursday, May 09, 2013 14:25 To: [email protected] Subject: RE: [NTSysADM] Non-admin login alert I'd create a Task with Task Scheduler that triggers on the Audit Event. Use a custom event filter to create the Event trigger so you can be specific for when and what the task runs (even use keywords). Then have the task action be an email sent to you. That way when you get the email you could quickly do a reverse lookup on the IP address as it won't change during that time (unless you are very very unlucky and the client IP happens to renew it's IP at that time :) ) James. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of [email protected]<mailto:[email protected]> Sent: Thursday, 9 May 2013 4:48 PM To: [email protected]<mailto:[email protected]> Subject: Re: [NTSysADM] Non-admin login alert Audit the events on the DC or the file share, and then use a script or piece of software to generate a report on a daily/weekly basis? Sent from my Blackberry, which may be an antique but delivers email RELIABLY ________________________________ From: Liby Philip Mathew <[email protected]<mailto:[email protected]>> Sender: [email protected]<mailto:[email protected]> Date: Thu, 9 May 2013 06:42:15 +0000 To: [email protected]<[email protected]<mailto:[email protected]%[email protected]>> ReplyTo: [email protected]<mailto:[email protected]> Subject: [NTSysADM] Non-admin login alert HI, Is there a way to get alerted when a normal user tries to login to a domain or access file server resources with domain\administrator account? Disclaimer [The information contained in this e-mail message and any attached files are confidential information and intended solely for the use of the individual or entity to whom they are addressed. This transmission may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you have received this e-mail in error, please notify the sender immediately and delete all copies. If you are not the intended recipient, any disclosure, copying, distribution, or use of the information contained herein is STRICTLY PROHIBITED. Path Solutions accepts no responsibility for any errors, omissions, computer viruses and other defects.] P Protect our planet: Do not print this email unless necessary.
<<inline: image001.jpg>>
