How to set log files on Windows Server 2003?

By RayFoxxe

We have a server in our company that's running Windows Server 2003, and lately it has been detecting a lot of infections on the system itself. These weren't infections that came from the internet or the network, since we're pretty confident in our anti-virus program (Symantec Antivirus). But we suspect that one of our IT team members is responsible for the infections. We suspect he's plugging in an infected removable drive/USB device and disabling the anti-virus system so that he can download/upload his files on our system (we suspect him of doing some unprofessional things, but since he's in IT too, he knows how to remove history logs). We're wondering if there's a way to trace recent computer activity on our server, besides using the Event Viewer from the Windows Computer Management Console. Any suggestions?


All Answers


Request for Clarification

by robo_dev In reply to Clarifications

So you think he's plugging USB directly into the server itself? (idiot)

You need to implement a process to forward the event and security logs to another server.

Turn on the audit-log features you need.

Also, I would set things like USB to be disabled, so that it would leave an audit log entry when he started the plug and play and USB services.


Can't disable USB

by RayFoxxe In reply to How to set log files on W ...

We can't do that; we need it left on because we also use USBs to transfer data and files when we're editing the server system. We already tried audit-logging, but we need much more accurate data besides knowing when the USB is plugged in and what files were taken or programs accessed. We need to know which USB device it is, like the name of the USB as it appears on the computer.
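
Added example, not part of the original thread: Windows keeps a registry key for every USB storage device that has been attached, under `HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR`, holding the vendor, product, revision, instance ID (serial number) and the `FriendlyName` shown in the UI. The Python script below parses saved output of `reg query HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR /s`; the sample output, device names and serials in it are constructed, and `parse_usbstor` is a hypothetical helper name.

```python
import re

# Instance-level key: ...\USBSTOR\<Class>&Ven_<v>&Prod_<p>&Rev_<r>\<instance id>
KEY_RE = re.compile(
    r"\\Enum\\USBSTOR\\[^\\&]+&Ven_(?P<vendor>[^\\&]*)&Prod_(?P<product>[^\\&]*)"
    r"&Rev_(?P<rev>[^\\]*)\\(?P<instance>[^\\]+)$", re.IGNORECASE)
# Value line: indent, name, REG_ type, data (tab- or space-separated by Windows version)
VALUE_RE = re.compile(r"^\s+(?P<name>\S+)\s+REG_\w+\s+(?P<data>.*)$")

# Constructed sample output; vendors, products and serials are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_ExampleCo&Prod_FlashDrive&Rev_1.00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_ExampleCo&Prod_FlashDrive&Rev_1.00\0123456789AB&0
    FriendlyName    REG_SZ    ExampleCo FlashDrive USB Device
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_ExampleCo&Prod_FlashDrive&Rev_1.00\0123456789AB&0\Device Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Generic&Prod_Storage&Rev_0.01\6&1a2b3c4d&0
    FriendlyName    REG_SZ    Generic Storage USB Device
"""

def parse_usbstor(text):
    """Return one dict per USB storage device instance found in reg query output."""
    devices, current = [], None
    for line in text.splitlines():
        line = line.rstrip()
        if line.upper().startswith("HKEY_"):
            m = KEY_RE.search(line)
            current = None  # values under any other key are not attributed to a device
            if m:
                inst = m.group("instance")
                current = {
                    "vendor": m.group("vendor"),
                    "product": m.group("product"),
                    "revision": m.group("rev"),
                    "serial": inst.rsplit("&", 1)[0],
                    # '&' as second character: Windows generated the ID because
                    # the device reported no unique serial number.
                    "unique_serial": not (len(inst) > 1 and inst[1] == "&"),
                    "friendly_name": None,
                }
                devices.append(current)
            continue
        v = VALUE_RE.match(line)
        if current is not None and v and v.group("name").lower() == "friendlyname":
            current["friendly_name"] = v.group("data").strip()
    return devices

if __name__ == "__main__":
    for dev in parse_usbstor(SAMPLE):
        print(dev)
```

These keys can be edited by an administrator on the server, so export them to another machine on a schedule and compare the saved copies over time.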
