audit trail of sessions connected to your computer
When Vista loads, a net start server command is run. This basically shares (by default) your C drive (c$) to the entire world. If an admin wants to access your c: drive, he/she only has to do a net use to this computer. QUESTION - is there any way to turn on an audit log to record these sessions to my computer (laptop)? I initially thought this was recorded in the event viewer - but this is not the case. Thanks for any help.
February 28th, 2008 8:51pm

Hi rjmjr,

You can check the information by using the security log in Event Viewer. A logon event 4624 will be generated in the security log when an account is successfully logged on, and the logon type is 3 for network logon. I've also included a sample event for your reference:

==============================
An account was successfully logged on.

Subject:
    Security ID: NULL SID
    Account Name: -
    Account Domain: -
    Logon ID: 0x0

Logon Type: 3

New Logon:
    Security ID: TEST\aa
    Account Name: aa
    Account Domain: TEST
    Logon ID: 0x23b4ebba
    Logon GUID: {8B91EEF1-331C-40A1-82A6-6FEABF62FE9D}

Process Information:
    Process ID: 0x0
    Process Name: -

Network Information:
    Workstation Name:
    Source Network Address: 192.168.1.209
    Source Port: 50093

Detailed Authentication Information:
    Logon Process: Kerberos
    Authentication Package: Kerberos
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0
==============================

In addition, to audit the logon information, please ensure that the audit policies "Audit account logon events" and "Audit logon events" are enabled.

Hope it helps.

Sincerely,
Joson Zhou
Microsoft Online Community Support
March 3rd, 2008 9:30am
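
The check described in the reply above, as an added example that is not part of the original posts: a PowerShell function that lists successful network logons (event 4624, Logon Type 3) from the local Security log with the account, source address and workstation for each. It assumes PowerShell 2.0 or later, an elevated prompt and an English-language system for the auditpol subcategory name; `Get-NetworkLogon` is a hypothetical helper name, not a built-in cmdlet.

```powershell
# Added example: report who connected to this machine over the network.
# Reads event 4624 from the Security log and keeps Logon Type 3 only.

function Get-NetworkLogon {
    param(
        [int]$MaxEvents = 200   # number of 4624 events to inspect, newest first
    )

    $filter = @{ LogName = 'Security'; Id = 4624 }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents `
                           -ErrorAction SilentlyContinue
    if (-not $events) { return }   # nothing logged, or auditing is disabled

    foreach ($evt in $events) {
        # Named fields are stored in the event XML under EventData/Data.
        $xml  = [xml]$evt.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }

        # Logon Type 3 = network logon (for example a "net use" to c$).
        if ($data['LogonType'] -ne '3') { continue }

        New-Object PSObject -Property @{
            TimeCreated   = $evt.TimeCreated
            Account       = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            SourceAddress = $data['IpAddress']
            SourcePort    = $data['IpPort']
            Workstation   = $data['WorkstationName']   # may be empty, as in the sample event
            AuthPackage   = $data['AuthenticationPackageName']
        }
    }
}

# Confirm that logon auditing is enabled before trusting an empty result.
# (Subcategory name as shown on an English-language system.)
auditpol /get /subcategory:"Logon"

Get-NetworkLogon |
    Select-Object TimeCreated, Account, SourceAddress, SourcePort, Workstation, AuthPackage |
    Format-Table -AutoSize
```

An empty table with auditing reported as "No Auditing" means the events were never written, not that nobody connected.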

Thank you - you are correct. I suppose this is a benefit over XP - and - as I went back to my testing scenario - I was doing a net use to an XP machine - and that is where the problem really is - XP does record the login session - but it does not record the name of the machine in the security id. Thank you for your help. I will mark the question as answered.
March 3rd, 2008 7:15pm
