Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Compromised System Audit Help

Status
Not open for further replies.
spacebass5000

spacebass5000

Programmer
Nov 26, 2000
144
US
I'm more intimate with Linux Security than I am Windows. I need some help here. I am auditing a windows system that I believe has experienced some foul-play.

I need help with the following:

1. How do I tell who has logged on when? I need to know who connected remotely and which user they used.

2. When I went to look in the "Event-Viewer", the "Security" log is completely blank. This can't be right. How would one go about deleting all of this info? How would one go about turning off this logging function (GP?).

3 Could you point me in the direction of some windows security auditing information?
 
Sort by date Sort by votes
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
993
intel233
intel233
tklamb
  • Locked
  • Question
ACL help
Replies
0
Views
215
tklamb
tklamb
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
315
PauS0n
PauS0n
TheFireman2
  • Locked
  • Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
340
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top