1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Windows Event Log ID

Discussion in 'General Microsoft Certifications' started by Toadeh, Apr 4, 2007.

  1. Toadeh

    Toadeh Nibble Poster

    Might as well ask this in here.

    We have a server which someone keeps changing the region to USA instead of UK. Does it fire an event when the item is changed and if so, whats the event ID number.

    What I want to do is write a service which will mail the IS department when someone changes it so we can catch who it is

    Certifications: BSc(Hons), MCTS Web Development
  2. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    Just tried on my server there was no entry of this in the event log. Not sure if you did some logging if that would tell you as well.

    I have to ask the question why anyone but your IT team has access never mind using one of your servers. The easiest thing to do is to lock the server with a password that only your IT people know. Then if it changes, you have narrowed down to a handful of people.
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
  3. Toadeh

    Toadeh Nibble Poster

    We have a thrid party item to make holiday bookings with that the company bought. The owners of the code wanted access to the server to do updates etc so we had to give them access. If it was upto us they wouldn't be allowed in.

    We also had to give them full admin rights on the server because some of their code won't work because its not that good. Wasnt my choice, I just work with the problem :)
    Certifications: BSc(Hons), MCTS Web Development
  4. garyb

    garyb Byte Poster

    Bloody hell, what a nightmare. :x If you must allow access I would lock the server down via GPO as much as possible, you can I think start with:

    User Config
    -- Administrative Templates
    -- Control Panel
    -- Regional & Language Options
    -- Restrict selection of Windows etc etc [Enable]

    This setting restricts users to the specified language by disabling the menus and dialog box controls in the Regional and Language Options Control Panel. If the specified language is not installed on the target computer, the language selection defaults to English.

    Hope it helps
    WIP: MCSA 2003
  5. Toadeh

    Toadeh Nibble Poster

    Nope, we can't do that. The code won't run if we did that, ours written in house would be great, theirs wouldn't work. Its bedroom programming at its best :)
    Certifications: BSc(Hons), MCTS Web Development
  6. wizard

    wizard Petabyte Poster

    If that's the scenario I would have told the company to bugger off, you're the client in this case so you've had the code written for you, so they have to program it to fit into the way your company works not the other way round. Methinks who ever took this company on needs shooting.
    Certifications: SIA DS Licence
    WIP: A+ 2009
  7. garyb

    garyb Byte Poster

    Are you saying you cannot create GPOs on one of your servers because it would prevent developers code working? If so, thats bad news mate, what if you really had to have locale set to UK to run SQL or something? Why not hide control panel then, surely you can do this without denting their code?

    Are you sure its not their code that keeps changing the locale:ohmy

    What about turning on auditing thru GPO and then on the root of the server to trace their logins, I take it they do have a seperate login from IT staff in your company?

    If they dont, they need one!:eek:

    WIP: MCSA 2003
  8. Toadeh

    Toadeh Nibble Poster

    Yeah they have their own login. Its basically a rubbish system which the company took on whilst I was in high school (i am that young) and they have stuck with it.

    We put an empty trigger on a database and they decided it broke their code, this is the level we are dealing with :)

    Like the idea of turning on the auditing, might suggest that one.
    Certifications: BSc(Hons), MCTS Web Development
  9. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    So let's say that auditing discovers that it's their login that's changing the region to USA (either through them doing it manually, or their weak code changing it). Given your current lack of ability to restrict them or stop using their services, what are you going to do? Tell them sternly not to change it again?

    If their code breaks when you implement GPOs, you're working with the wrong company... and if management refuses to see that, that's a danger sign of a larger problem that I'd not ignore. If it were me, I'd be posting resumes within the day.
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  10. csx

    csx Megabyte Poster

    I'm guessing the code is changing the format to USA so it can read date formats for whatever reasons correctly? if thats the case then surely they can redesign the code to do it the UK way and hence leave the format to UK!
    Certifications: A+, Network+, 70-271 & 70-272, CCENT, VCP5-DCV and CCNA
    WIP: Citrix
  11. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    Plenty of good ideas suggested.

    Why not lock down their logon with GP so they can’t change the time\regional settings? If they phone to complain then you know that they are causing the problem.

    I feel your pain. I have installed a few new SBS networks, all working perfectly until some crappy application is slapped on the server.

    The *fix* is to give everyone in the world domain administrator rights and cancel all backups. What a brilliant application. :blink
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Office 365, Server 2016, CEH
  12. Fergal1982

    Fergal1982 Petabyte Poster

    Personally, I wouldnt give them the ability to log into your servers whenever they feel the need. I would do whatever was necessary to prevent them logging onto the server, and when they needed to get on to make a change, they would need to request it with you guys first, and then have someone watching them when they ARE on the server.

    There is no reason really why a third party vendor should be able to make changes to your live system willy nilly, and if they are then its a shoddy system at best. i really do hope you guys arent paying for that rubbish.
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  13. Toadeh

    Toadeh Nibble Poster

    Yeah I agree with all the suggestions, There is not a lot I can do though, since I am just a developer trying to get round the issue and the management won't tell them to sod off cause the system is too integrated. Its mainly on there own server that we have (we don't let them access SQL servers or our filestores). The idea being, if they break it, its their problem, but the date format does leak into our sql data because of it.

    If i had my way i would not allow them on, but i'm just a software developer here so its nowt to do with me :)
    Certifications: BSc(Hons), MCTS Web Development

Share This Page