How to log down command or action done on server

[SK]

Hi,
I want to know whether it is possible for Windows Server 2003 to log down
command or action done on it. If yes, how to accomplish this. Thanks.

SK

 

[S. Pidgorny]

That is virtually impossible on any OS. I think you can trace OS system
calls but overwhelming amount of information will be more or less useless.

What exactly are you trying to achieve?

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"SK" <SK@discussions.microsoft.com> wrote in message
news:A2ABB7A8-EC99-43B0-B543-EAC668DD8CBA@microsoft.com...
> Hi,
> I want to know whether it is possible for Windows Server 2003 to log down
> command or action done on it. If yes, how to accomplish this. Thanks.
>
> SK

 

[SK]

Hi,
I want to log down any action both entering command or clicking via GUI done
on the server, so that I can trace whether the server is being used by
someone unexpectedly. Thanks.

SK

"S. Pidgorny <MVP>" wrote:

> That is virtually impossible on any OS. I think you can trace OS system
> calls but overwhelming amount of information will be more or less useless.
>
> What exactly are you trying to achieve?
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
> "SK" <SK@discussions.microsoft.com> wrote in message
> news:A2ABB7A8-EC99-43B0-B543-EAC668DD8CBA@microsoft.com...
> > Hi,
> > I want to know whether it is possible for Windows Server 2003 to log down
> > command or action done on it. If yes, how to accomplish this. Thanks.
> >
> > SK
>
>
>

 

[S. Pidgorny]

Audit log ons and running all the .exe files on the current image


--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"SK" <SK@discussions.microsoft.com> wrote in message
news:764783D4-7E95-46F0-8CD4-AEE28BE55A6C@microsoft.com...
> Hi,
> I want to log down any action both entering command or clicking via GUI
> done
> on the server, so that I can trace whether the server is being used by
> someone unexpectedly. Thanks.
>
> SK
>
> "S. Pidgorny <MVP>" wrote:
>
>> That is virtually impossible on any OS. I think you can trace OS system
>> calls but overwhelming amount of information will be more or less
>> useless.
>>
>> What exactly are you trying to achieve?
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>
>> "SK" <SK@discussions.microsoft.com> wrote in message
>> news:A2ABB7A8-EC99-43B0-B543-EAC668DD8CBA@microsoft.com...
>> > Hi,
>> > I want to know whether it is possible for Windows Server 2003 to log
>> > down
>> > command or action done on it. If yes, how to accomplish this. Thanks.
>> >
>> > SK
>>
>>
>>

 

[SK]

Hi Pidgorny,
Can you describe in more details on how to "running all the .exe files on
the current image" after enabling the audit logging? Thanks.

SK

"S. Pidgorny <MVP>" wrote:

> Audit log ons and running all the .exe files on the current image
>
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
> "SK" <SK@discussions.microsoft.com> wrote in message
> news:764783D4-7E95-46F0-8CD4-AEE28BE55A6C@microsoft.com...
> > Hi,
> > I want to log down any action both entering command or clicking via GUI
> > done
> > on the server, so that I can trace whether the server is being used by
> > someone unexpectedly. Thanks.
> >
> > SK
> >
> > "S. Pidgorny <MVP>" wrote:
> >
> >> That is virtually impossible on any OS. I think you can trace OS system
> >> calls but overwhelming amount of information will be more or less
> >> useless.
> >>
> >> What exactly are you trying to achieve?
> >>
> >> --
> >> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> >> -= F1 is the key =-
> >>
> >> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
> >>
> >> "SK" <SK@discussions.microsoft.com> wrote in message
> >> news:A2ABB7A8-EC99-43B0-B543-EAC668DD8CBA@microsoft.com...
> >> > Hi,
> >> > I want to know whether it is possible for Windows Server 2003 to log
> >> > down
> >> > command or action done on it. If yes, how to accomplish this. Thanks.
> >> >
> >> > SK
> >>
> >>
> >>
>
>
>

 

[S. Pidgorny]

Easy. Once the audit on the files is enabled, access to .exe files will be
audited. The information will include who runs what.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"SK" <SK@discussions.microsoft.com> wrote in message
news:C57E4902-759E-459E-92C5-AE83E9734423@microsoft.com...
> Hi Pidgorny,
> Can you describe in more details on how to "running all the .exe files on
> the current image" after enabling the audit logging? Thanks.
>
> SK
>
> "S. Pidgorny <MVP>" wrote:
>
>> Audit log ons and running all the .exe files on the current image
>>
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>
>> "SK" <SK@discussions.microsoft.com> wrote in message
>> news:764783D4-7E95-46F0-8CD4-AEE28BE55A6C@microsoft.com...
>> > Hi,
>> > I want to log down any action both entering command or clicking via GUI
>> > done
>> > on the server, so that I can trace whether the server is being used by
>> > someone unexpectedly. Thanks.
>> >
>> > SK
>> >
>> > "S. Pidgorny <MVP>" wrote:
>> >
>> >> That is virtually impossible on any OS. I think you can trace OS
>> >> system
>> >> calls but overwhelming amount of information will be more or less
>> >> useless.
>> >>
>> >> What exactly are you trying to achieve?
>> >>
>> >> --
>> >> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> >> -= F1 is the key =-
>> >>
>> >> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>> >>
>> >> "SK" <SK@discussions.microsoft.com> wrote in message
>> >> news:A2ABB7A8-EC99-43B0-B543-EAC668DD8CBA@microsoft.com...
>> >> > Hi,
>> >> > I want to know whether it is possible for Windows Server 2003 to log
>> >> > down
>> >> > command or action done on it. If yes, how to accomplish this.
>> >> > Thanks.
>> >> >
>> >> > SK
>> >>
>> >>
>> >>
>>
>>
>>