Identify Administrative Logins RRS feed

  • Question

  • I need to be alerted whenever anyone logs on to a workstations with Admin level privileges.

    Alternatively, how can I identify privileged accounts programmatically?

    Is there an event id I can query in logs?

    We support several clients who have been given the domain administrator password for "special occasions".

    They sometimes use it to boost their regular account to the Admin group and leave it that way.

    With all the malware flying around out there this is a bad idea.

    Monday, June 3, 2013 10:07 PM