Guarding Windows 2000 servers from unauthorized users

With maintaining the security of corporate data available on your organization's servers becoming more critical, administrators now must monitor their servers for unauthorized user access.

Checking unauthorized access basically involves enabling security auditing and viewing the security logs. One thing which is needed to set up security audits on servers is that you should be a member of administrative groups or have security rights and privileges.

To enable security auditing on standalone servers or Windows 2000 Professional, follow these steps:

  1. Go to Start. Select Run.
  2. Type mmc /a in the Run dialog box. Click OK.
  3. On the Console menu, go to File menu and click Add/Remove Snap-in.
  4. Click on the Add button. This will open up another window.
  5. Click Group Policy. Then click on Add button.
  6. In the Select Group Policy Object box, click Local Computer, click Finish, click Close, then click OK.
  7. In the Local Computer Policy box, click Computer Configuration ->Windows Settings - > Security Settings -> Local Policies -> Audit Policy.
  8. In the details pane, click Audit logon events.
  9. Click Action -> Security, select Unsuccessful logon attempts and hit OK.

Requires Free Membership to View

To enable security auditing on Windows 2000-Based Domain Controllers, folow these steps:

  1. Go to Start -> Programs -> Administrative Tools.
  2. Click Active Directory Users and Computers.
  3. In the console trees, select Domain Controllers.
  4. Click on Action, then click Properties.
  5. Click the Group Policy tab -> Default Domain Controllers Policy, and click Edit.
  6. Expand the Computer Configuration, Windows Settings, Security Settings, Local Policies, and then Audit Policy.
  7. In the details pane, click Audit logon events.
  8. On the Action menu, click Security, and select the "Define these policy settings check box" and click to select the Failure check box, and then click OK.

After enabling the security auditing, follow these steps to view the Security Logs:

  1. Click Start -> Programs -> Administrative tools.
  2. Select Event viewer.
  3. In the console tree, click Security log.
  4. Look in the details pane for information about the event you want to view. Double-click the event if you feel there's something fishy about it.

With the above steps, administrators can keep a close watch on users who are trying to gain illegal access to data on the servers.

About the author: Rahul Shah currently works at a software firm in India, where he is a systems administrator maintaining Windows servers. He has also worked for various software firms in testing and analytics, and also has experiences deploying client/server applications in different Windows configurations.

More information on this topic:

This was first published in December 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.