Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Problems every Monday. 1

Status
Not open for further replies.
Scruby

Scruby

IS-IT--Management
Jul 16, 2003
143
US
I have an Administrator that works on the weekends, he was off for two weeks we had no problems with the network, when he came back he did not work the first weekend no problems. The next weekend he work on Monday we had lots of problems users could not access email, some citrix and other minor issues. This seem to be the same pattern in the past every Monday when we come in there are tons of problems. He goes into the server room and they all magically just disappear. Is there a way that I can find out what he is doing on the weekends? Windows 2000 servers.

Thanks, Scruby
 
Sort by date Sort by votes
Log files and auditing. Enable auditing of file and server access by his account and any other account you think he might log in as, and check your event logs to see if they have any useful records.
 
Upvote 0 Downvote
That does sound quite suspicious. Perhaps you can turn on auditing to monitor priviledge access by his account, then check the Security log in the Event Viewer after he leaves. Or better yet, install a secret security camera aimed at the monitor so you can see for yourself! ;-)

Perhaps you should require him to account for his activities. Make a log of what was wrong, what caused the problem and how he fixed it. If he is being sneaky and creating problems to fix to make himself look important, this requirement would make it harder.

On the other hand, is his role a security expert? If so, tightening security always presents problems to end users. Usually after implementing tightened security policies, it will prevent certain actions. The one who implemented it will then have to go back and loosen it a little by poking holes in the security here and there to allow for necessary activities. In this case, the problems occuring after he works, and soon being fixed by him later is perfectly normal.

- Zoe, that's ZOH-EEE, get it right please
- Just a little ol' MCP at Solien Technology
-
 
Upvote 0 Downvote
well, besides installing a camera to view the monitor. An easier way of doing it is to install a secret keylogger that logs every applications that are used and everything keys that pressed with snap shots of the screen. You can check out:
iOpus STARR at
it is an excellent keylogger with a ton of features.

Hope it helps,
LoJACK

p.s. And if you do find out that it is him that is causing the problems, please keep me updated.. I would like to know what he was doing this way I can protect my network from the same thing happening.
 
Upvote 0 Downvote
Also keep in mind that this 'Administrator' may be logging in with the default Administrator account so logging could be quite difficult (was that administrator#1 or administrator#2 that made the change?). Here is a great article on how to prevent this problem from occuring by randomizing the password. Please visit:


or

and search for InstantDoc #24555

- this comes down to people being honest and responsible for their actions. Make them responsible for any and all changes they make - reprimand them for not notifying you what the did to resolve a problem. In a previous life I worked with another administrator who never told me what changes he made. Don't make yourself responsible for changes/problems/solutions you did not create.
 
Upvote 0 Downvote
You guys are totally awesome; I fill like I can come to you with anything. You always help me out and I just want to say thanks. I am a true believer that when some one helps another they will receive a reward. After you help someone the good things that come to you are a result of helping others. I know because I just bought some school supplies for a kid so that he could return to school with dignity he does not have a Dad and the Mom lost her job it did not take long this week several people from work said that they would pay me to look at there computer and a friend just asked me and my family to go to Palm Springs with them all expenses paid for.

LoJACK- This is a cool product for sure I am going to buy for home to make sure my kid don’t get into trouble.

Jmarquart- I will read these articles and put them to use.

BigOrange and Packdragon- I just found the command eventquery new to Window 2003 server since we are currently migrating to 2003 currently I will use this command to automate my event searches.
 
Upvote 0 Downvote
HI.

> Is there a way that I can find out what he is doing on the weekends?
Have you asked him?
What did he say?

I don't think that the suggestions above are good for you - if the administrator isn't doing the job right then the solution is to get another one, but first thing is to simly ask and listen to what he has to say.

It could also be something like a misconfigured scheduled anti virus scan (Norton NAVCE by default install will corrupt Exchange databases...), and more.

Maybe some service does not load fine after a reboot, etc...

Anyway - first and main step is to ask.



Yizhar Hurwitz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

amanua
  • Locked
  • Question
Event ID 13508 Sysvol replication problems
Replies
0
Views
80
amanua
amanua
merang
  • Locked
  • Question
tcl array problems
Replies
0
Views
58
merang
merang
stergiosnik
  • Locked
  • Question
Windows Server 2003 microsoft update problems
Replies
1
Views
70
ShackDaddy
ShackDaddy
mbtransport
  • Locked
  • Question
Frustrating SP2 Install Problems
Replies
0
Views
46
mbtransport
mbtransport
irbk
  • Locked
  • Question
Strange DCOM errors every day
Replies
6
Views
242
irbk
irbk

Part and Inventory Search

Sponsor

Back
Top