If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Monitoring Local logins by Domain Administrators
Hi,
In my organisation we have implemented dual user accounts for IT administrators - A non-admin account for logging on and normal use, and a system admin account for RDP'ing onto servers, accessing network resources etc. Ideally the system admin accounts should only ever be used on workstations via the RunAs command. Is there a way of monitoring this to ensure that no-one is logging on locally using a sys admin account? I have tried using Security Audit Event Logs but they class both local logon and RunAs as 'Interactive Logon', so I cannot distinguish which is which. The only other idea I have is to attach a login script that will somehow check if there is already a currently logged in user, which would indicate that the sys admin account is being accessed via runas, but I am unsure of the best way to implement this. many thanks. |
Ads |
Thread Tools | |
Display Modes | |
|
|