Configuring Windows 2000 to notify you of invalid logon and unsuccessful file access attempts

You can configure Windows 2000 to use a pop-up message to notify you of failed logon attempts (such as someone attempting to log on as administrator with an invalid password) as well as users' attempts to access files for which they don't have the necessary permissions by creating a log file and then basing an alert on that log file within the Performance MMC. Let's start by looking at how you should create the log file.

To create an alert for monitoring invalid logon and unauthorized file access attempts, you first need to create a log file to monitor for those attempts. Begin by opening the Performance MMC. (From the Start menu, choose Programs | Administrative Tools | Performance.) In the console tree, expand Performance Logs And Alerts. Right-click on Counter Logs and choose New Log Settings. In the Name text box, type a name for the log settings such as Unauthorized Access and then click

You now see a dialog box that you can use to specify the counter you want to log in the file. Below Counters, click Add. From the Performance Object dropdown list, select Server. Below Select Counters From List, select Errors Access Permissions. This counter enables you to determine the number of times someone has attempted to log on to your server with an invalid username or password (or both) as well as the number of times someone has attempted to access a file for which he doesn't have the necessary permissions. Click Add to add this counter to the log file, and then click Close to close the Select Counters dialog box.

You next need to define the type of log file you want to create and where you want to store it. In the Properties dialog box for your new log file, select the Log Files tab. Below Log File Name, specify the folder and name you want to assign to the file. By default, the Performance MMC assumes you want to store the log file in a folder named C:\PerfLogs. From the Log File Type dropdown list, select Text File | CSV. Next, select the Schedule tab. Use this tab to schedule when you want Windows 2000 to capture the unauthorized attempts to the log file. When you're ready, click OK to save your settings for the log file. Now that you've created your log file, your next step is to create an alert so you can be notified whenever someone unsuccessfully attempts to log on to your server or open a protected file.

The first thing you need to do is to save the settings for defining the log file; you're then going to use these settings to define the alert. In the console tree of the Performance MMC, select Counter Logs. In the details pane, right-click on the log file you defined for capturing unauthorized logon and file access attempts and choose Save Settings As. Type a filename for the log file settings and select the folder in which you want to store the HTM file, and then click Save. Next, right-click on Alerts and choose New Alert Settings From. In the Open dialog box, select the HTM file you created for storing the log file settings and click Open. Click OK to close the message box warning you about creating an alert based on log file settings.

In the Name text box, type a name for the alert (by default, the Performance MMC assumes you want to assign the same name to the alert as the log file) and click OK. On the General tab of the Properties dialog box for the alert, from the Alert When The Value Is dropdown list, select Over. In the Limit text box, enter a value for when you want the alert to notify you. For example, if you want the alert to notify you after one failed logon attempt or file access, enter a value of 1 in the Limit

Next, you need to specify what action(s) you want Windows 2000 to take if the alert is triggered. To do so, select the Action tab. By default, the Performance MMC configures the alert to log an event in the Application log. If you want the server to notify you via a pop-up message, select the Send A Network Message To check box and enter your computer's name or IP address in the text box.

Finally, you must schedule the alert to run in order to be notified of any unauthorized logon or file attempts. Select the Schedule tab, and configure the settings for starting and stopping the alert. By default, the Performance MMC starts the alert automatically and doesn't configure the alert with a stop date. Click OK to save your changes. At this point, your server will now notify you whenever any invalid logon or unauthorized file access attempts occur on your server. Keep in mind that your computer must be up and running for it to receive the pop-up messages.
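The CSV counter log created in the steps above can also be reviewed offline, which helps when the pop-up was missed. The following Python script is an added example, not part of the original page: it assumes the log uses the PDH-CSV layout (a timestamp column followed by one column per counter) and that the counter is a running total, so it reports the increase between samples. The server name, the sample rows and the `min_increase` parameter are constructed for illustration.

```python
import csv
import io
from datetime import datetime

COUNTER = "Errors Access Permissions"  # counter selected in the steps above

# Constructed sample log (assumed PDH-CSV layout); SERVER1 is a placeholder name.
SAMPLE_LOG = r'''"(PDH-CSV 4.0) (Eastern Standard Time)(300)","\\SERVER1\Server\Errors Access Permissions"
"03/14/2001 09:00:00.000","4"
"03/14/2001 09:15:00.000","4"
"03/14/2001 09:30:00.000","7"
"03/14/2001 09:45:00.000"," "
"03/14/2001 10:00:00.000","9"
"03/14/2001 10:15:00.000","1"
"03/14/2001 10:30:00.000","1"
'''

def find_increases(log_text, min_increase=1):
    """Return (timestamp, increase) for each sample where the counter grew."""
    rows = csv.reader(io.StringIO(log_text))
    header = next(rows)
    # Locate the counter column by name instead of assuming its position.
    col = next(i for i, name in enumerate(header)
               if name.endswith("\\" + COUNTER))
    hits, previous = [], None
    for row in rows:
        if len(row) <= col:
            continue                      # short or empty line
        try:
            value = float(row[col])
        except ValueError:
            continue                      # blank cell: no sample was taken
        when = datetime.strptime(row[0], "%m/%d/%Y %H:%M:%S.%f")
        if previous is not None:
            # A lower value means the total restarted from zero (for example
            # after a reboot), so everything counted so far is new.
            increase = value - previous if value >= previous else value
            if increase >= min_increase:
                hits.append((when, int(increase)))
        previous = value
    return hits

if __name__ == "__main__":
    for when, increase in find_increases(SAMPLE_LOG):
        print(f"{when:%Y-%m-%d %H:%M}  +{increase} access-permission errors")
```
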