Is something overriding it in the Default Domain Controllers Policy? On 9 May 2013 12:41, Liby Philip Mathew <[email protected]> wrote:
> Hi James,**** > > Thank you. I will try the task scheduler for alert. But my issue now is, > I am not getting the event id 4625 logged in security event log. I have > applied my GPO to default domain policy. Any clue?**** > > ** ** > > Regards**** > > Liby Philip Mathew | Principal Systems Administrator**** > > ICT Professional Services**** > > Path Solutions**** > > Tel: +965 24824600 Ext. 703**** > > Fax: +965 24824500**** > > www.path-solutions.com** > > [image: fiveLogos]**** > > ** ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *James Hill > *Sent:* Thursday, May 09, 2013 14:25 > *To:* [email protected] > *Subject:* RE: [NTSysADM] Non-admin login alert**** > > ** ** > > I’d create a Task with Task Scheduler that triggers on the Audit Event. > Use a custom event filter to create the Event trigger so you can be > specific for when and what the task runs (even use keywords). Then have > the task action be an email sent to you.**** > > ** ** > > That way when you get the email you could quickly do a reverse lookup on > the IP address as it won’t change during that time (unless you are very > very unlucky and the client IP happens to renew it’s IP at that time J )** > ** > > ** ** > > James.**** > > ** ** > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *[email protected] > *Sent:* Thursday, 9 May 2013 4:48 PM > *To:* [email protected] > *Subject:* Re: [NTSysADM] Non-admin login alert**** > > ** ** > > Audit the events on the DC or the file share, and then use a script or > piece of software to generate a report on a daily/weekly basis?**** > > Sent from my Blackberry, which may be an antique but delivers email > RELIABLY**** > ------------------------------ > > *From: *Liby Philip Mathew <[email protected]> **** > > *Sender: *[email protected]**** > > *Date: *Thu, 9 May 2013 06:42:15 +0000**** > > *To: *[email protected]<[email protected]>**** > > *ReplyTo: *[email protected] **** > > *Subject: *[NTSysADM] Non-admin login alert**** > > ** ** > > HI,**** > > Is there a way to get alerted when a normal user tries to login to a > domain or access file server resources with domain\administrator account?* > *** > > **** > > Disclaimer **** > > [The information contained in this e-mail message and any attached files > are confidential information and intended solely for the use of the > individual or entity to whom they are addressed. This transmission may > contain information that is privileged, confidential or exempt from > disclosure under applicable law. If you have received this e-mail in error, > please notify the sender immediately and delete all copies. If you are not > the intended recipient, any disclosure, copying, distribution, or use of > the information contained herein is STRICTLY PROHIBITED. Path Solutions > accepts no responsibility for any errors, omissions, computer viruses and > other defects.]**** > > P *Protect our planet: Do not print this email unless necessary.** * > -- *James Rankin* Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk
<<image001.jpg>>
