Auditoria Servicios Windows 2000/Windows 2003

dear team,

my questions are:

if could have log of services of windows?

when it stop or start?

could use event viewer , obtain stop , start? will i need server task?

thank help.

 

best wishes

gerardo montalvo

 

estimados miembros del foro,

mis preguntas son si es posible guardar una bitacora de cualquier servicio, cuando se detiene y cuando se arranca el mismo, en el event viewer o en algún log de servidor, en donde guarde hora y que usuario del dominio o usuario local realizó esta tarea. ¿es capáz el sistema operativo windows 2000/windows 2003 de esta tarea? ¿necesita de otro servidor para realizar esta tarea?

 

gracias por su ayuda.

 

saludos

gerardo montalvo

hi,

yes, event viewer provide server start , stop events 7036 (the xxx service entered stopped/ running  state). if events didn’t appear on system, please try following fix:

a service control manager (scm) event cannot logged in system event log on windows server 2003-based computer
http://support.microsoft.com/kb/917463

to audit stop or start service, can leverage group policy:

create gpo server, navigate to:
computer configuration | windows settings | security settings | system services | servicename

double-click service, click define policy setting, click edit security, click advanced, switch auditing tab, click add configure user , action audited.

navigate to:
computer configuration | windows settings | security settings | local policies | audit policy

enable "audit object access".  after that, run "gpupdate /force". should find service events in event log.

thanks. 

---

this posting provided "as is" no warranties, , confers no rights.

Windows Server  >  Group Policy