Re: Auditing usage of C$ admin and remote registry?
A quick follow-up to this.
Whilst using Computer Management today (where I have local admin rights) I noticed how in the shares/sessions bit it identified perfectly my access via C$ to that machine... it seemed to provide in real time the kind of information I need... but there's no kind of logging facility.
I've been told at work that for proper auditing you'd need to enable SNMP? on all machines in the network (we have a mix of NT4 and XP, mostly NT4 on the side I want admin rights on). This would potentially be a massive change...
I thought about a single machine which had an account that was in the local admins group of all machines (add that account to a global group which is already in the local admins group of all PCs). Somehow every person using that machine would have all activity monitored to all machines. We had a similar concept where two machines had XP on (all our machines are NT) to use remote desktop and remote assistance only with generic accounts.
The suggestion is that you can't audit the machine making the outgoing connections and all outbound activity, that auditing had to be on the remote machines being connected to?