Announcement

Collapse
No announcement yet.

How to find the culprit who has shut down my comp remotely

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to find the culprit who has shut down my comp remotely

    Hi everyone

    Iam working in call centre and somebody has shutdown my computer remotely,i know my friend has done that but i want to know the pc name, so how can i find out.

    My friend has done this (right click my computer---manage---right click computer management----connect to other computer-because of this technique he has done this, but i want to know who has done this,how can i find out in my pc, is there is any log created on my pc so that i can find out his pc name.

    The opertaing system is windows 2000 pro.

  • #2
    Re: How to find the culprit who has shut down my comp remotely

    Turn on System Events auditing in the local GPO of the computer, and next time someone will do it you'll be able to find out who it was.

    However, the bigger question is why not stop it from happening in the first place? How come someone has the username/pwd info for YOUR computer?

    Second question is what does this thread have to do with TERMINAL SERVERS? Thread moved to the right forum.
    Last edited by danielp; 4th August 2006, 15:23.
    Cheers,

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services
    MCSA/E, MCTS, MCITP, MCT

    Comment


    • #3
      Re: How to find the culprit who has shut down my comp remotely

      But there is no need of password and username to shutdown or restart remote pc,can we trace out the pc name or the ip ad that has shut down the computer.

      Can we find out his ip ad.

      Comment


      • #4
        Re: How to find the culprit who has shut down my comp remotely

        Originally posted by SIRDON
        But there is no need of password and username to shutdown or restart remote pc,can we trace out the pc name or the ip ad that has shut down the computer.

        Can we find out his ip ad.
        To remotely manage a computer with the MMC applets, you have to have administrative access over that remote host... so if he's messing with your computer in the way you described, then he has to have your admin login/password or the login/password of an account that's on the local admins group on your machine.
        A+, Network+, Security+
        MCSE+Security on Server 2003

        Comment

        Working...
        X