Auditing Services

Tony Stark

Hello,

I have been given the task to audit when someone turns off
a service on a Win2K server and possibly who the user
might be. Does anyone know how I could accomplish this? I
do not know of any way to do this in Windows Auditing.

Thank you,
Tony
 
Steven L Umbach

I believe you will find those events in the system log of Event Viewer. --- Steve
 
Tony Stark

Thanks for the reply, Steve. The service isn't showing up
in the logs; it is a service installed by an application.
Do you think there is a way to do a registry hack to force
the notification of the service shutdown?

Thank you,

Tony
 
Steven L Umbach

Hi Tony. The only thing I can think of, if you have not done so, is to enable
auditing of system events for that machine. I have that enabled on one of my test
machines and it records every service being stopped/started - even non default ones
such as Norton, personal firewall, and Nvidia driver helper. --- Steve

http://www.microsoft.com/mspress/security/tips/041102.asp
 
Tony Stark

Eric,

Thank you very much! I am going to give this a try first
thing Thursday morning!! You are a lifesaver!! Are there
any articles around detailing this procedure? I have
printed out some whitepapers but they have been more "in
general" and not this deep. I can use this in so many ways!

It is reassuring to know you guys are watching the
newsgroups!

Thank you again!

Tony
 
