Problem solve Get help with specific problems with your technologies, process and projects.

Guarding Windows 2000 servers from unauthorized users

Administrators must guard their company's servers against unauthorized user access. Checking for unauthorized access involves enabling security audits and viewing the security logs. To set up security audits on servers, you should be a member of administrative groups or have security rights and privileges.

With maintaining the security of corporate data available on your organization's servers becoming more critical, administrators now must monitor their servers for unauthorized user access.

Checking unauthorized access basically involves enabling security auditing and viewing the security logs. One thing which is needed to set up security audits on servers is that you should be a member of administrative groups or have security rights and privileges.

To enable security auditing on standalone servers or Windows 2000 Professional, follow these steps:

  1. Go to Start. Select Run.
  2. Type mmc /a in the Run dialog box. Click OK.
  3. On the Console menu, go to File menu and click Add/Remove Snap-in.
  4. Click on the Add button. This will open up another window.
  5. Click Group Policy. Then click on Add button.
  6. In the Select Group Policy Object box, click Local Computer, click Finish, click Close, then click OK.
  7. In the Local Computer Policy box, click Computer Configuration ->Windows Settings - > Security Settings -> Local Policies -> Audit Policy.
  8. In the details pane, click Audit logon events.
  9. Click Action -> Security, select Unsuccessful logon attempts and hit OK.

To enable security auditing on Windows 2000-Based Domain Controllers, folow these steps:

  1. Go to Start -> Programs -> Administrative Tools.
  2. Click Active Directory Users and Computers.
  3. In the console trees, select Domain Controllers.
  4. Click on Action, then click Properties.
  5. Click the Group Policy tab -> Default Domain Controllers Policy, and click Edit.
  6. Expand the Computer Configuration, Windows Settings, Security Settings, Local Policies, and then Audit Policy.
  7. In the details pane, click Audit logon events.
  8. On the Action menu, click Security, and select the "Define these policy settings check box" and click to select the Failure check box, and then click OK.

After enabling the security auditing, follow these steps to view the Security Logs:

  1. Click Start -> Programs -> Administrative tools.
  2. Select Event viewer.
  3. In the console tree, click Security log.
  4. Look in the details pane for information about the event you want to view. Double-click the event if you feel there's something fishy about it.

With the above steps, administrators can keep a close watch on users who are trying to gain illegal access to data on the servers.

About the author: Rahul Shah currently works at a software firm in India, where he is a systems administrator maintaining Windows servers. He has also worked for various software firms in testing and analytics, and also has experiences deploying client/server applications in different Windows configurations.

More information on this topic:

Dig Deeper on Windows Server deployment

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.