No announcement yet.

Remote Access Audit Required

  • Filter
  • Time
  • Show
Clear All
new posts

  • Remote Access Audit Required

    Good morning everyone!

    New member so go easy on me, and might I add, VERY useful site you guys have here has helped me out several times in the past!

    Right here is the situation:-

    We have around 200 servers from different hardware vendors running various flavours of 2000, 2003 and 2008 (plus from virtual machines.) These servers are spread mainly across two datacenters local to our office but there are probably 50 servers at remote sites around Europe. I need to audit all remote access methods (RDP, iLo, Drac, RSA, IPKVM etc...) Basically anything that allows a user / admin to log onto a box in an interactive nature. I have Domain Admin rights globally across the domains and know most of the admin usernames and passwords. I have direct access to all of the boxes from my workstation and we have hardware SSL VPN between sites.
    I would say 80% of the boxes have TS enabled but we are unsure which are set up as terminal servers and which are just Terminal Services for remote administration.

    Obviously doing this manually is going to be a real pain in the backside and is going to take a considerable amount of time! Im lookinf for ideas on how to do this as quickly and easily as possible (We have a security audit from the credit card companies VERY soon) if we are not seen as secure they will revoke our credit card processing priviliges and give us a large fine!

    Any help would be great... And once again thanks!

  • #2
    Re: Remote Access Audit Required

    Did you take a look at ObserveIT? If not, please do -

    ObserveIT is a software that delivers audit of 3rd-party and employees remote access. It will visually record any type of remote access, including Terminal, RDP, VNC, Citrix, NetOp, VMware and VS/Hyper-V VM access and more.

    ObserveIT's unique metadata architecture enables you to generate detailed reports (For example: "Show me all window console and terminal session recordings that include access to the registry on all servers through January 2008") quickly and effectively, solving system related problems and helping prevent future repetition of similar errors.

    ObserveIT is specifically designed for enterprise-scale deployments, with patented free-text search which enables to detect, report, alert and replay any user activity within the recorded sessions.

    See some cool videos showing the capabilities of ObserveIT:

    Replaying a recorded session

    Generating Reports

    Free-Text Search

    Identify the Actual User when using Generic Login Names such as "Administrator"

    Real-time alerting and integration with management tools

    Disclosure - I work for ObserveIT.


    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services