Wednesday, March 19, 2008

How can I archive my security logs to protect them from a rogue admin?

If you are concerned that your system has been compromised or accessed by someone with Administrative rights, you may wish to take some steps to protect your log files.


Regularly archive the Security log (and any other logs you choose) from all your servers to a secure location that only you have access to. You might try robocopy.exe and schtasks.exe as a simple solution for this, or you can use one of the integrated log monitors available from third-party vendors.
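
One way to script the robocopy.exe and schtasks.exe approach, as an added example rather than code from the original post. It assumes a Windows version that ships wevtutil.exe and PowerShell 4.0 or later; the staging folder, share path and task name are placeholders. The share is assumed to let the server's computer account create files but not change or delete them.

```powershell
# Archive-SecurityLog.ps1: added example; every path and name below is a placeholder.
param(
    [string]$Staging  = 'C:\LogStaging',         # hypothetical local staging folder
    [string]$Archive  = '\\logvault\seclogs$',   # hypothetical restricted archive share
    [string]$TaskName = 'Archive-SecurityLog',   # hypothetical scheduled task name
    [switch]$Register
)
$ErrorActionPreference = 'Stop'

if ($Register) {
    # Schedule this script daily at 01:00 as SYSTEM, which reaches the share as the
    # computer account. Assumes the script path contains no spaces.
    $action = "powershell.exe -NoProfile -File $PSCommandPath"
    schtasks.exe /Create /F /TN $TaskName /SC DAILY /ST 01:00 /RU SYSTEM /TR $action
    if ($LASTEXITCODE -ne 0) { throw "schtasks failed with exit code $LASTEXITCODE" }
    return
}

New-Item -ItemType Directory -Path $Staging -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$file  = "$env:COMPUTERNAME-Security-$stamp.evtx"
$path  = Join-Path $Staging $file

# The live log file is held open by the Event Log service, so export a copy first.
wevtutil.exe epl Security $path
if ($LASTEXITCODE -ne 0) { throw "wevtutil export failed with exit code $LASTEXITCODE" }

# Write a SHA-256 beside the export so the copy can be verified after transfer.
$hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
"$hash  $file" | Set-Content -Path "$path.sha256" -Encoding ASCII

# Move the export and its hash to a per-server folder on the archive share.
$dest = Join-Path $Archive $env:COMPUTERNAME
robocopy.exe $Staging $dest "$file*" /MOV /R:3 /W:10 /NP /NJH /NJS

# Robocopy exit codes below 8 mean success (0 = nothing copied, 1 = files copied).
if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }
```

Run it once with `-Register` from an elevated prompt to create the daily task; without the switch it performs one export and transfer.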


Alternatively, you can wait for Microsoft's Audit Collection Services (ACS) to be released, which is a set of tools designed specifically for this purpose.

More information can be found here: http://www.windowsnetworking.com/kbase/WindowsTips/Windows2003/AdminTips/Admin/AuditCollectionServicesACS.html
