D
Doug Porter
I have a problem with "something" accessing the SAM
database, trying to hack our passwords. The "something"
may be a worm or virus on the inside of the firewall. I'd
like to set up auditing for write-attempts to the SAM
database on my NT 4.0 domain controllers, but don't know
where the SAM database is located on the server or where
it's located. I have already implemented failure auditing
for logons via policies, and used that information to
(partially?) lock down access from outside the firewall.
The external attacks stopped for a week or so, but now I'm
trying to see if it's a worm/virus that's already inside.
database, trying to hack our passwords. The "something"
may be a worm or virus on the inside of the firewall. I'd
like to set up auditing for write-attempts to the SAM
database on my NT 4.0 domain controllers, but don't know
where the SAM database is located on the server or where
it's located. I have already implemented failure auditing
for logons via policies, and used that information to
(partially?) lock down access from outside the firewall.
The external attacks stopped for a week or so, but now I'm
trying to see if it's a worm/virus that's already inside.