Monitoring Local logins by Domain Administrators

Discussion in 'Windows XP Security' started by dean.blakeman@googlemail.com, Feb 8, 2008.

  1. Guest

    Hi,

    In my organisation we have implemented dual user accounts for IT
    administrators - A non-admin account for logging on and normal use,
    and a system admin account for RDP'ing onto servers, accessing network
    resources etc.

    Ideally the system admin accounts should only ever be used on
    workstations via the RunAs command.

    Is there a way of monitoring this to ensure that no-one is logging on
    locally using a sys admin account?

    I have tried using Security Audit Event Logs but they class both local
    logon and RunAs as 'Interactive Logon', so I cannot distinguish which
    is which.

    The only other idea I have is to attach a login script that will
    somehow check if there is already a currently logged in user, which
    would indicate that the sys admin account is being accessed via runas,
    but I am unsure of the best way to implement this.

    many thanks.
     
    , Feb 8, 2008
    #1
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ricardo Duarte
    Replies:
    0
    Views:
    415
    Ricardo Duarte
    Aug 14, 2003
  2. dklein
    Replies:
    0
    Views:
    249
    dklein
    Sep 20, 2003
  3. Mark Tyler
    Replies:
    1
    Views:
    403
    GoumbaYa
    Sep 27, 2003
  4. rix
    Replies:
    0
    Views:
    450
  5. Guest

    Local Group added to local Administrators group

    Guest, Jan 30, 2006, in forum: Windows XP Security
    Replies:
    2
    Views:
    280
    Guest
    Jan 31, 2006
Loading...

Share This Page