Question : Monitor the local administrator account activities on the Windows servers

The auditor recommended that our company monitor the local administrator account activities on the Windows servers. I want to know where I can get relevant information (such as logs or something) and how to get it with Perl.

Thanks in advance

Answer : Monitor the local administrator account activities on the Windows servers

In the scope of Windows (OS level), you may configure Windows to audit OS-level activities including logon events, account management, policy change, privilege use, system events and more.

Which Versions of Windows Support Advanced Audit Policy Configuration?
http://technet.microsoft.com/en-us/library/dd692792%28WS.10%29.aspx

Advanced Security Audit Policy Settings
http://technet.microsoft.com/en-us/library/dd772712%28WS.10%29.aspx

However, please be aware that the above is for the scope of OS-level auditing, which does not include application audits, hardware changes, network changes, etc. These extra audits need to be enabled individually if possible and applicable. For example, server memory adjustment can be audited if the server's audit is enabled (normally it can't record who does that), and SQL audit must be configured with SQL Enterprise Manager, not from Windows.

Hope it helps,
bbao
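
The question asks how to get at this information with Perl. As an added example (not part of the original answer), the script below filters Security-log events exported with `wevtutil qe Security /f:xml` for the built-in local Administrator, matching on the well-known RID 500 so a renamed account is still caught. The event IDs are the ones logged by Windows versions that support advanced audit policy; the host `SRV01`, the account names, SIDs and addresses in the sample are constructed and trimmed to the fields the script reads.

```perl
# Added example, not from the thread: report events for the built-in local Administrator
# from `wevtutil qe Security /f:xml` output (file argument, else the constructed sample below).
use strict; use warnings;
my $ADMIN_NAME = 'Administrator';   # assumption: edit if the account was renamed
my %WATCH = (                       # event ID => [description, role to check]
    4624 => ['logon succeeded',             'Target'],
    4625 => ['logon failed',                'Target'],
    4672 => ['special privileges assigned', 'Subject'],
    4720 => ['user account created by',     'Subject'],
);

sub parse_event {                   # one <Event>...</Event> string -> hashref
    my ($xml) = @_;
    my %e;
    ($e{id})   = $xml =~ m{<EventID[^>]*>(\d+)</EventID>};
    ($e{time}) = $xml =~ m{<TimeCreated\s+SystemTime=['"]([^'"]+)['"]};
    ($e{host}) = $xml =~ m{<Computer>([^<.]+)};     # short host name
    $e{$1} = $2 while $xml =~ m{<Data\s+Name=['"](\w+)['"]>([^<]*)</Data>}g;
    return \%e;
}

sub is_local_admin {                # RID 500 survives a rename of the account
    my ($e, $role) = @_;
    return 0 unless lc($e->{"${role}DomainName"} // '') eq lc($e->{host} // '');
    my $sid = $e->{"${role}UserSid"} // '';
    return 1 if $sid =~ /^S-1-5-21-\d+-\d+-\d+-500$/;
    # Failed logons (4625) carry the null SID, so fall back to the account name.
    return $sid eq 'S-1-0-0' && lc($e->{"${role}UserName"} // '') eq lc $ADMIN_NAME;
}

sub admin_events {                  # XML text -> list of report lines
    my ($text) = @_;
    my @out;
    for my $xml ($text =~ m{(<Event[\s>].*?</Event>)}gs) {
        my $e = parse_event($xml);
        my $w = $WATCH{ $e->{id} // 0 } or next;
        next unless is_local_admin($e, $w->[1]);
        push @out, join ' ', $e->{time} // '?', $e->{id}, $w->[0],
            'type=' . ($e->{LogonType} // '-'), 'src=' . ($e->{IpAddress} // '-');
    }
    return @out;
}

my $text = do { local $/; @ARGV ? <> : <DATA> };
print "$_\n" for admin_events($text);
__DATA__
<Event><System><EventID>4624</EventID><TimeCreated SystemTime='2024-01-15T08:12:03Z'/><Computer>SRV01</Computer></System><EventData><Data Name='TargetUserSid'>S-1-5-21-1111111111-2222222222-3333333333-500</Data><Data Name='TargetUserName'>localadm</Data><Data Name='TargetDomainName'>SRV01</Data><Data Name='LogonType'>10</Data><Data Name='IpAddress'>192.0.2.10</Data></EventData></Event>
<Event><System><EventID>4625</EventID><TimeCreated SystemTime='2024-01-15T08:14:41Z'/><Computer>SRV01</Computer></System><EventData><Data Name='TargetUserSid'>S-1-0-0</Data><Data Name='TargetUserName'>Administrator</Data><Data Name='TargetDomainName'>SRV01</Data><Data Name='LogonType'>3</Data><Data Name='IpAddress'>192.0.2.44</Data></EventData></Event>
<Event><System><EventID>4624</EventID><TimeCreated SystemTime='2024-01-15T08:20:10Z'/><Computer>SRV01.corp.example</Computer></System><EventData><Data Name='TargetUserSid'>S-1-5-21-4444444444-5555555555-6666666666-1104</Data><Data Name='TargetUserName'>jdoe</Data><Data Name='TargetDomainName'>CORP</Data><Data Name='LogonType'>2</Data><Data Name='IpAddress'>-</Data></EventData></Event>
```

The first two sample events are reported and the third (a domain user) is skipped. None of these events are written unless the corresponding audit categories are enabled as described in the answer.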