Trust Win 2003 - Audito Logon

  • Trust Win 2003 - Audito Logon

    I only need to track users that access resources in different domains, but I need to know what the target server is when a user from domain A accesses another server in domain B. Event Viewer does not record this event.

  • #2
    Re: Trust Win 2003 - Audito Logon

    What auditing have you enabled -- you can specify users/groups to audit so you should be able to do it somewhere.
    Presumably you are auditing on the resource side?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Trust Win 2003 - Audito Logon

      Yes,

      Audit account events is enabled on the resource side, but it is not possible to view which target server the user from DOMAIN A accesses across the trust in DOMAIN B. Event Viewer in domain B only records domainA\user authentication success.



      • #4
        Re: Trust Win 2003 - Audito Logon

        Not entirely sure but if you look at the server AD object you want to audit and look at the advanced permissions and then audit tab, see if you are able to audit what you are looking for by adding the relevant group.

        It may be that you need to audit object access.

        As stated, not entirely sure but worth you reviewing and testing.



        • #5
          Re: Trust Win 2003 - Audito Logon

          You need to enable audit object access and then on the resource you need to configure auditing through the security setting on the folders and/or files. The auditing events will be logged on the server that hosts the resource.

          http://support.microsoft.com/kb/814595
          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com



          • #6
            Re: Trust Win 2003 - Audito Logon

            Jeremy,

            Because of this I need to know which users are authenticated via the trust and which server in the resource domain is accessed.



            • #7
              Re: Trust Win 2003 - Audito Logon

              vechiatto, is that a question?

              In the event that is generated it should specify the domain\user that is accessing the object.
              Regards,
              Jeremy

              Network Consultant/Engineer
              Baltimore - Washington area and beyond
              www.gma-cpa.com



              • #8
                Re: Trust Win 2003 - Audito Logon

                OK, the event on the resource domain controller records domain\user from DOMAIN A but doesn't record the target server in DOMAIN B.



                • #9
                  Re: Trust Win 2003 - Audito Logon

                  Correct. The audit logs will be on the server that has the resource.

                  Let's say the following is your setup:

                  DomainA.local
                  - server1 = DC

                  DomainB.local
                  - server1 = DC
                  - server2 = file server

                  domainA\user1 accesses file on server2.domainB.local

                  The auditing information for what files were accessed will be on server2.domainB.local.
                  Regards,
                  Jeremy

                  Network Consultant/Engineer
                  Baltimore - Washington area and beyond
                  www.gma-cpa.com
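The consolidation that replies #5 and #9 point to, as an added example that is not part of the original thread: object-access records collected from each resource server in domain B are merged and filtered for accounts from the trusted domain, which yields the target server per user. The CSV column layout, the sample rows, `server3` and the function names are assumptions made for this example; 560 is the Windows Server 2003 "object open" event ID.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: Security-log records exported from each resource server
# in domain B and merged into one CSV. The column layout is an assumption for
# this example, not a native Windows export format.
SAMPLE_CSV = """server,event_id,client_domain,client_user,object_name
server2.domainB.local,560,DOMAINA,user1,D:\\Shares\\Finance\\budget.xls
server2.domainB.local,560,DOMAINB,alice,D:\\Shares\\Finance\\budget.xls
server2.domainB.local,560,domaina,user1,D:\\Shares\\Finance\\plan.doc
server3.domainB.local,560,DOMAINA,user2,E:\\Data\\hr.mdb
server3.domainB.local,540,DOMAINA,user2,
server2.domainB.local,560,DOMAINB,SERVER2$,D:\\Shares\\Finance\\plan.doc
"""

OBJECT_OPEN = "560"  # Server 2003 object-access ("object open") audit event


def load(text):
    """Parse the merged CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def cross_trust_access(rows, trusted_domain):
    """Map each trusted-domain account to the servers and objects it opened."""
    wanted = trusted_domain.upper()
    report = defaultdict(lambda: defaultdict(set))
    for row in rows:
        if row["event_id"] != OBJECT_OPEN:
            continue  # e.g. 540 network-logon records carry no object name
        if row["client_domain"].upper() != wanted:
            continue  # local-domain activity is out of scope here
        if row["client_user"].endswith("$"):
            continue  # skip computer accounts
        account = f"{wanted}\\{row['client_user'].lower()}"
        report[account][row["server"].lower()].add(row["object_name"])
    return {acct: {srv: sorted(objs) for srv, objs in servers.items()}
            for acct, servers in report.items()}


if __name__ == "__main__":
    for acct, servers in cross_trust_access(load(SAMPLE_CSV), "DomainA").items():
        for srv, objs in servers.items():
            print(acct, "->", srv, objs)
```
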



                  • #10
                    Re: Trust Win 2003 - Audito Logon

                    Perfect.

                    But I don't know which server in domainB.local it is. I need to track this information: which user accesses server2.domainb.local and uses the external domain trust.



                    • #11
                      Re: Trust Win 2003 - Audito Logon

                      If I understand what you're saying correctly, what you really want to find out is what users in your domain are accessing, correct?

                      The only thing I can think of that will do this is running a packet sniffer and parsing the capture.

                      But policy (as in the written business policy) should really dictate what users should be able and not be able to access. Once that is done you should then configure the services accordingly.

                      If you don't know what resources are out there then that is where you should start. Find out what users have access to and what they don't have access to and then audit the appropriate servers.
                      Regards,
                      Jeremy

                      Network Consultant/Engineer
                      Baltimore - Washington area and beyond
                      www.gma-cpa.com



                      • #12
                        Re: Trust Win 2003 - Audito Logon

                        Unfortunately it does not exist in the company (as in the written business policy), and so I thought it would be possible to capture such activity in some Windows log or some third-party tool.

                        Thank you very much
