Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: User creation audit trail

from [Greg Mulholland] Network Security [Permanent Link]
Subject: Re: User creation audit trail
Date: Thu, 24 Aug 2006 09:10:24 +1000
Given that you created it manually and you had auditing turned on, you should be able to look for 626 or something in the 600 range under the "account management" category in you security log under the admin user account that created the account. It depends on how you long your logs go back. If you have multiple log files you might want to find a script of sorts that possibly does it. I dont think accinfo.dll gives you that info, just the last logon times.

Greg


----- Original Message ----- From: "Lee Clemens" <lee@leeclemens.net>
To: <focus-ms@securityfocus.com>
Sent: Wednesday, August 23, 2006 11:25 AM
Subject: User creation audit trail


Hello all,

I am trying to find a way to verify and when and by whom a user was created
on a Domain computer. The account was created on the local machine, so I'm
wondering if it is captured in the event log somewhere. And perhaps what the
event ID is for that, or anywhere else I could find out??

Thanks in advance,
Lee Clemens



---------------------------------------------------------------------------
---------------------------------------------------------------------------




---------------------------------------------------------------------------
---------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Workstation Shutdown / Logoff Policy :VSMail mx1, Allan Seyberth
Next by Date:  RE: User creation audit trail, Greg Merideth
Previous by Thread:  User creation audit trail, Lee Clemens
Next by Thread:  RE: User creation audit trail, Greg Merideth
Indexes:  [Date] [Thread] [Top] [All Lists]