Hello,



I am need to be able to search, alert, and report on data from the
Windows Security Event Log. I need to be able to determine if any
login attempts (success|failure) are for users who have elevated
priveleges (administrator). This could be the administrator account
or any account that has admin priveleges. Is there somewhere in the
security event log that gives me an idea the level of priveleges the
user logging in has?

Thanks.

Kevin

hi
you can use eventcombmt.exe from the windows resource kit to search your domain controllers for specific security event logs.
i think event id 673 will give you success and failure audit logs. event comb can save the report in csv for you to easily read and format it.

cuan



KDawg44 wrote:

Finding Admin Logins in Security Event Log
07-Apr-10

Hello,

I am need to be able to search, alert, and report on data from the
Windows Security Event Log. I need to be able to determine if any
login attempts (success|failure) are for users who have elevated
priveleges (administrator). This could be the administrator account
or any account that has admin priveleges. Is there somewhere in the
security event log that gives me an idea the level of priveleges the
user logging in has?

Thanks.

Kevin

Previous Posts In This Thread:


Submitted via EggHeadCafe - Software Developer Portal of Choice
WPF Reflection Effect
http://www.eggheadcafe.com/tutorials...on-effect.aspx

On Apr 8, 8:18*pm, Cuan Blane wrote:

> hi
> you can use eventcombmt.exe from the windows resource kit to search your domain controllers for specific security event logs.
> i think event id 673 will give you success and failure audit logs. event comb can save the report in csv for you to easily read and format it.
>
> cuan
>
> KDawg44 wrote:
>
> Finding Admin Logins in Security Event Log
> 07-Apr-10
>
> Hello,
>
> I am need to be able to search, alert, and report on data from the
> Windows Security Event Log. *I need to be able to determine if any
> login attempts (success|failure) are for users who have elevated
> priveleges (administrator). *This could be the administrator account
> or any account that has admin priveleges. *Is there somewhere in the
> security event log that gives me an idea the level of priveleges the
> user logging in has?
>
> Thanks.
>
> Kevin
>
> Previous Posts In This Thread:
>
> Submitted via EggHeadCafe - Software Developer Portal of Choice
> WPF Reflection Effecthttp://www.eggheadcafe.com/tutorials/aspnet/8cc84aa8-3b44-4037-beab-4...

I have a log aggregator to compile and search the event logs. What I
was hoping for is a specific field in my logon events that illustrates
the privleges. I don't want to send pages out if John Smith connects
to the server, but if Fred Flintstone does, he has administrator
privileges and I need to page out to specific individuals.

Thanks for your help.

Kevin