Windows 2008 has brought and introduced many new futures making the administration easy. Very first time in the windows history getting some of the necessary basic administration task is not complicated anymore. I am sure many of you always wanted to know or notified if there are changed been made on your Exchange server or domain controller. The way we have been finding these out so far if someone another domain admin breaks certain stuff and we get the notice after damage is done. Consider this is a big environment and many people have domain admin rights due to some unknown reason.
Anyway the shot story is windows 2008 is very smart and I am sure you will enjoy more you get to know it.
Problem:
Domain administrators logging on to Active directory domain controllers and Exchange servers and any other application server and they might be making changes. We have no way of knowing when they log in or if they are using service account to log in to do certain things which is not acceptable by corporate security policy.
Domain administrator user name: zz-JTucker is keep logging onto servers ( because he is domain admin (-:, ) and we don't want him to change things on our server or we want to know as soon as he logs on to one of our server.
Goal:
We would like to take smart approach and we want to know if either certain user / Group etc, logging on to critical windows 2008 servers.
We want to receive automatic e-mail being sent to us, when this event occurs and we want to run certain script to run at the same time based on our needs
Once we establish some basic configuration we can extend this based on our needs.
Scenario:
User names Mike (or a group) is one of the domain admins and we don't want Mike to log onto out servers. Or when Mike logs in we want to get notified.
We want to monitor some of activities or even event logs, such as, NTFRS issues, any SYSvol replication issues, any DNS issues, any other event logs it might be useful for you.
Solution:
Log into one of your windows 2008 server
- Click on start go to run
- Type, "taskschd.msc"
- Expend, Task Scheduler, expend Microsoft, windows and , on the right pane we will click on new folder and name the folder as "AD Alert"
Now we have the folder and we will create schedule job. Click on Create task name it "AD-Alert user logged in"
When running the task, you may want to change this to user account going to be used for this purpose, I have creates user account in my domain and named it as "svc-Alert" for all scheduled task I will be creating going forward for all my needs.
Click on Triggers and click on new, click on begin task and pick "At logon" choose "Specific user or group and click on change user and pick the account for " zz-JTucker" ( John Tucker is domain administrator) and click on okay.
Click on actions, click new and actions menu pick send e-mail , from address Alert@smtp25.org to Alert@smtp25.org ( this is DL I created and I am member of this DL), fill out all required spaces, such as from to address and the relay server FQDN. Make sure you can open telnet from this server to the relay server and able to see 220.
Click okay the lst thing you want to do is make a right click and go to properties and select, "Hidden" for this task.
Now whenever the user " zz-JTacker" you will get an warning e-mail letting you know. You can also make a right click and select run to test the scheduled job.
Second part we will look into how to prompt a disclaimer to the user on the logon process
--Oz Ozugurlu
MVP (Exchange) MCITP (EMA),
MCITP (SA) MCSE 2003, M+, S+,
MCDST, Security+, Project +, Server +
Blog: http://www.smtp25.blogspot.com
2 comments:
Scheduler control for Windows Forms
Best Moving Company +971 50 3605353
We are Cheap Movers in Dubai, providing best moving
services at reasonable prices. Call Now for Residential and Commercial Dubai Movers +971503605353
Dubai Movers
Movers Dubai
moving services dubai
moving company
movers dubai
home movers dubai
Packer in Dubai
Local Movers
Cheap Movers in Dubai
Dubai Local Movers
http://www.advmovers.com/
Post a Comment