devil666
Dec 4 2003, 10:57 AM
Little Question,
Does Terminal server log it's connections
and if so, where are the logfiles,
Can't find them
coder
Dec 4 2003, 12:25 PM
Event Log Location ->
The Event log settings can be configured in the following location within the Group Policy Object Editor:
Computer Configuration\Windows Settings\Security Settings\Event Log\Settings for Event Logs
Solution for admins ->
Prevent local guests group from accessing event logs
The Prevent local guests group from accessing event logs setting determines if guests are prevented from accessing the application, security, and system event logs.
The possible values for this Group Policy setting are:
Enabled
Disabled
Not Defined
Note This setting does not appear in the Local Computer Policy object.
This security setting affects only computers running Windows 2000 and later.
Vulnerability
An attacker who has successfully logged onto a computer with guest privileges could learn important information about the system by viewing the event logs. The attacker could then use this information to implement additional exploits.
Countermeasure
Enable the Prevent local guests group from accessing event logs setting for the policies of all three event logs.
batigoooal
Dec 4 2003, 01:04 PM
TSE log connection in the event log, but in Win2k he don't log IP for example but name of the workstation.
In win2k3 the log have the IP of the workstation.
The client printer who is by default mounted to the server are logfged too
See ya,
andydis
Dec 4 2003, 03:25 PM
Terminal server also has a Terminal server manager on win2k/2k3,
they can view your connection to see what your doing and even take over your session.
start> program file> administrator tools> terminal server manager.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
