PC Review

Thread Tools Rate Thread

Monitoring Local logins by Domain Administrators

Posts: n/a
      8th Feb 2008

In my organisation we have implemented dual user accounts for IT
administrators - A non-admin account for logging on and normal use,
and a system admin account for RDP'ing onto servers, accessing network
resources etc.

Ideally the system admin accounts should only ever be used on
workstations via the RunAs command.

Is there a way of monitoring this to ensure that no-one is logging on
locally using a sys admin account?

I have tried using Security Audit Event Logs but they class both local
logon and RunAs as 'Interactive Logon', so I cannot distinguish which
is which.

The only other idea I have is to attach a login script that will
somehow check if there is already a currently logged in user, which
would indicate that the sys admin account is being accessed via runas,
but I am unsure of the best way to implement this.

many thanks.
Reply With Quote

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Removing domain local groups from Wind XP local administrators group Olu Daniels Microsoft Windows 2000 Group Policy 7 22nd Oct 2005 06:08 AM
Removing domain local groups from Wind XP local administrators gro =?Utf-8?B?T2x1ZGFu?= Microsoft Windows 2000 Active Directory 3 18th Oct 2005 08:19 PM
Wireless logins require access to local machines before domain logins can occur. Is there a way to bypass this =?Utf-8?B?cGFzaGJ5?= Microsoft Windows 2000 Networking 0 26th Oct 2003 04:56 AM
add domain administrators into local administrators group from GPO rix Windows XP Security 0 26th Sep 2003 11:34 PM




All times are GMT +1. The time now is 10:14 PM.