Where else can I track down this?


newsposter

Other than the event viewer is there anywhere else to track down when
someone else may have logged on as administrator?
Thanks.
 
Yes - check their ntuser.dat file or search for ntuser.dat
in c:\documents and settings\ -> sort by date. However,
there's a value logged in the SAM file of when the user was
last logged on at:
HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\%userno%\F
offset:8 length:8 (format similar to registry time???). If
you want me to verify and explain how to calculate the time
precisely, send me an email.
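
Added example (not part of the post above, and not the poster's own code): decoding the 8 bytes at offset 8 of an exported `F` value, assuming they hold a little-endian Windows FILETIME (100-nanosecond ticks since 1601-01-01 UTC). The function names and the sample buffer are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
LAST_LOGON_OFFSET = 8   # offset quoted in the post
LAST_LOGON_LENGTH = 8   # length quoted in the post


def filetime_to_datetime(raw):
    """Decode 8 little-endian bytes as a FILETIME. Returns None for 0 (never set)."""
    if len(raw) != 8:
        raise ValueError("a FILETIME is exactly 8 bytes")
    (ticks,) = struct.unpack("<Q", raw)
    if ticks == 0:
        return None
    try:
        # 1 tick = 100 ns, so 10 ticks = 1 microsecond (sub-microsecond part dropped)
        return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
    except OverflowError:
        raise ValueError("value 0x%016x is not a plausible FILETIME" % ticks)


def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def last_logon_from_f(f_value):
    """Pull the last-logon timestamp (UTC) out of a raw F value."""
    end = LAST_LOGON_OFFSET + LAST_LOGON_LENGTH
    if len(f_value) < end:
        raise ValueError("F value is only %d bytes, need at least %d" % (len(f_value), end))
    return filetime_to_datetime(f_value[LAST_LOGON_OFFSET:end])


# Constructed sample: 8 filler bytes, the timestamp, then filler. Not a real F value.
SAMPLE_LOGON = datetime(2004, 3, 15, 18, 30, 0, tzinfo=timezone.utc)
SAMPLE_F = bytes(8) + struct.pack("<Q", datetime_to_filetime(SAMPLE_LOGON)) + bytes(32)

if __name__ == "__main__":
    print("last logon (UTC):", last_logon_from_f(SAMPLE_F))
    print("never logged on :", last_logon_from_f(bytes(48)))
```

The decoded value is UTC, so convert it before comparing it with timestamps shown in local time.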
 
Roger said:
Last accessed timestamps on files in their account profiles.

Ok thanks, so even if they deleted the logs, I could tell that they
logged on after me yesterday, but before me today. I'm thinking that
they logged on under admin and found out my password. I don't want to
change it yet because I want to be able to verify the admin acct was
logged into.
 
Well, keep in mind that if you go by last-accessed timestamps
you get one chance to find out the timestamp as your access will
update it.

You said
they logged on under admin and found out my password
This cannot be done, unless they install a key logger and catch
it as you use it, or unless you have used a weak one that is easy
to crack after they lift the SAM. Otherwise, XP does not store
your password so they could not have dug it out from XP.
 
I obviously misspoke and didn't mean they logged on then found my
password. oops sorry.
 