All,
I have quite the dilemma on my hands. I work on a pretty large AD
domain with nearly 100 domain controllers. We recently had an OU with
about 5000 users deleted from the directory. I know the name of the
userid responsible, but....it is a shared account. (I know, but with
over 100,000 users, these things slip by)
What I need to do is track back to the workstation that was used for
the login, and I haven't had much luck. I'm focusing on event 673,
but I'm not sure this is the right angle. Any ideas??
TIA,
-Ds
------------------------------------------------------------------------
---
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
------------------------------------------------------------------------
---
All,
I have quite the dilemma on my hands. I work on a pretty large AD
domain with nearly 100 domain controllers. We recently had an OU with
about 5000 users deleted from the directory. I know the name of the
userid responsible, but....it is a shared account. (I know, but with
over 100,000 users, these things slip by)
What I need to do is track back to the workstation that was used for
the login, and I haven't had much luck. I'm focusing on event 673,
but I'm not sure this is the right angle. Any ideas??
TIA,
-Ds
------------------------------------------------------------------------
---
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
------------------------------------------------------------------------
---
[ reply ]