1

I found a guide that teaches, through turning on the Audit of the System Log on Activity via gpedit.msc, how to read the logon activity via eventvwr.msc.

Is this way of monitoring fully comprehensive?

I have some doubts about it. For example, Windows doesn't give a chance to log a remote desktop conn. logon activity; maybe I'm wrong, but it doesn't seem to be included here.

Do you have any hack to really check if the system was used? Always thinking I've the Admin privileges, I have an idea to implement a sort of hidden batch that could make the log for me... is there something like this around on the net?

kante
  • 1
    trying hard to understand "doesn't give a chance to log a remote desktop conn", wtf does this mean? – tony roth Apr 19 '13 at 13:23
  • 1
    I mean to say that there's no option in Windows to check if someone has been connected remotely to the PC. I haven't seen anything that logs remote connections. – kante Apr 19 '13 at 13:36
  • 1
    On second thought I delete my answer because I don't know what you're asking. – Ryan Ries Apr 19 '13 at 13:39
  • 1
    @RyanRies neither does he/she. – tony roth Apr 19 '13 at 13:46
  • 1
    @kante the answer to your question about "Is this way of monitoring fully comprehensive?" is YES, everything you need can be audited. – tony roth Apr 19 '13 at 13:50
  • My question is clear in the title of this thread: "is it safe to rely on windows audit?" in order to verify who's made logon on a PC? @tonyroth maybe you don't know what you're answering... so please let someone else answer ;) – kante Apr 19 '13 at 14:33

1 Answer

1

You should do more research about logon event IDs and logon types. These links help.

http://techgenix.com/logon-types/

http://help.argent.com/articles/Q805.php

Root Loop
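The logon types the answer points to can be read directly from the Security log, where a remote desktop session is recorded as logon type 10. The following is an added example, not part of the original answer; it assumes Windows Vista/Server 2008 or later event IDs (4624 for a successful logon, 4625 for a failed one), an elevated PowerShell prompt and logon auditing already enabled, and the function name `Get-LogonActivity` is hypothetical.

```powershell
# Added example: list console, unlock, RDP and cached logons from the Security log.
# Assumes logon auditing is enabled and the prompt is elevated.

# Logon type codes as recorded in the LogonType field of events 4624/4625.
$logonTypes = @{
    2  = 'Interactive (console)'
    3  = 'Network'
    4  = 'Batch'
    5  = 'Service'
    7  = 'Unlock'
    8  = 'NetworkCleartext'
    9  = 'NewCredentials'
    10 = 'RemoteInteractive (RDP)'
    11 = 'CachedInteractive'
}

function Get-LogonActivity {
    param(
        [datetime]$Since = (Get-Date).AddDays(-7),
        # Default: the types that mean a person used the machine.
        [int[]]$Types = @(2, 7, 10, 11)
    )
    $filter = @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Named fields live in the event XML, not in the rendered message.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        $type = [int]$data['LogonType']
        if ($Types -contains $type) {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Result      = if ($_.Id -eq 4624) { 'Success' } else { 'Failure' }
                User        = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                LogonType   = $logonTypes[$type]
                Source      = $data['IpAddress']        # client address for RDP logons
                Workstation = $data['WorkstationName']
            }
        }
    }
}

Get-LogonActivity | Sort-Object Time | Format-Table -AutoSize
```

Passing `-Types 10` narrows the output to remote desktop logons only.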