How to track Unauthorized Access of Internet Use by any domain user

[Sudeep Batra]

We have a Active Directory,single domain and domain users access Internet
using MS ISA Server.
Only the users authorized can access but there are some users who try to use
the other users having Internet Access.Can I track the Failure attempts of
these Unauthorized Users ?

I have already enabled Audit Policy in Domain Controller - for Directory
Access as per the KB 314955
http://support.microsoft.com/default.aspx?scid=kb;en-us;314955&sd=tech#3

but unable to track the unauthorized user.

Any help would be highly appreciated.


Regards,


Sudeep

 

[Cary Shultz [A.D. MVP]]

Sudeep,

You might want to post this to the ISA news group. You might get a better
answer / faster answer in there....

My gut feeling is that there must be a way to track attempts of those that
are not authorized to access web sites. Meaning, if I am not allowed - per
the ISA policies / my group membership - then any attempt that I make to go
to any web site would be tracked and logged. You - as the admin - would
simply need to turn that on. I have not used ISA with any frequency so I
can not tell you how to achieve this. I am sure that it is similar to the
AD logging....just do not know the details.

As to those users who are denied access to the Internet - or to certain
websites - using the user name and password of someone who is not
denied.....well, that sounds like an HR issue. It needs to be made clear
that people are not to share their username and password with anyone else.
And, there need to be consequences - to both parties - when this does
happen.

Cary