Logging login event

  • Thread starter Fredrik Wahlgren

Fredrik Wahlgren

Hi

Minutes ago, I wanted to shut down my computer when I was greeted by a
message saying that other users were logged on. This is *not* something I
expect. The security log was empty. How can I be alerted if someone tries to
log in to my computer? I use Windows XP Professional.

Regards,
Fredrik
 
Tom [Pepper] Willett

Are you on a network of any kind? File sharing enabled for anything/anyone?
P2P software installed?

Tom
 
Fredrik Wahlgren

Just broadband connection. I have disabled the Guest account and I don't have
any P2P software installed. Is it possible that this was caused by some
program using the Visual Studio Analyzer account or similar? I wasn't using
it at the time. BTW I have figured out how to log login events? If there's a
remote login, I hope it logs the IP address.

Regards,
Fredrik


 
Steven L Umbach

You won't see an IP address in the security log but you should see a type 3
network logon if any other user has accessed your computer from the network
and the name of the computer. Since it sounds like you have no other
computers that need to access your computer I suggest that you disable file
and print sharing. You can use the command net sessions next time you see
that message to see if any user is connected via file and print sharing and
use netstat -an to see if it shows any other IP address connected to your
computer to one of your server services though that will take some detective
work to see what are established connections that you have to another
computer and what if any are connected to you. It is usual to see your
computer with an established connection to a foreign address with well known
ports after the IP xxx.xxx.xxx.xxx:80 such as ports 53, 80, 443, 119, 110,
or 25.

Of course a firewall is needed to protect your network and the other
suggestions at the link below for Protect Your PC and be sure to do malware
and spyware scans using the latest definitions for whatever you scan with
and also scan with something like Ewido that may find trojans that other
malware programs do not. --- Steve

http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
http://www.ewido.net/en/ --- Ewido
http://www.sysinternals.com/Utilities/TcpView.html -- TCPView free GUI
port use program.
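
The netstat -an check suggested in the reply above, as an added example that is not part of the original posts: it separates established connections that reach one of your own listening (server) ports from connections you opened to someone else. The sample output is constructed, and treating "local port is also in LISTENING state" as inbound is a heuristic assumed here.

```python
# Constructed sample of Windows "netstat -an" output (documentation addresses).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
  TCP    192.168.1.10:1043      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:1044      192.0.2.40:110         ESTABLISHED
  TCP    192.168.1.10:445       198.51.100.23:3321     ESTABLISHED
  TCP    192.168.1.10:1050      203.0.113.9:443        TIME_WAIT
  UDP    0.0.0.0:445            *:*
"""


def split_endpoint(endpoint):
    """Split 'address:port' on the last colon."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def classify(netstat_text):
    """Return (inbound, outbound) lists for ESTABLISHED TCP connections.

    inbound:  (remote address, local service port) - someone connected to you
    outbound: (remote address, remote port)        - you connected to them
    """
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "TCP":
            rows.append(fields[1:])
    # Ports this machine offers as a server (file sharing uses 139 and 445).
    listening = {split_endpoint(local)[1]
                 for local, _, state in rows if state == "LISTENING"}
    inbound, outbound = [], []
    for local, foreign, state in rows:
        if state != "ESTABLISHED":
            continue
        remote_host, remote_port = split_endpoint(foreign)
        if remote_host.startswith("127."):
            continue  # loopback traffic between local programs
        local_port = split_endpoint(local)[1]
        if local_port in listening:
            inbound.append((remote_host, int(local_port)))
        else:
            outbound.append((remote_host, int(remote_port)))
    return inbound, outbound
```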

 
Fredrik Wahlgren

This makes sense. I will check out the links you were kind enough to provide.
Thanks again.
/Fredrik


 
