Network set up for testing event log deletion
Description
Experience Level: Intermediate
Test setup on Windows 2003
Set up 4 machines (A, B, C, D, E)
A: Server Machine from where the event logs are deleted (A is domain BOS)
B: Another Server machine (B is domain BOS) and the drives on Server A can be mapped. Both are logged in by the same account.
C and D: PCs (Domain: CAM) from which a remote desktop connection can be set up to access Server A. This account has admin rights on both the servers A and B. C and D have admin rights on their own machine.
E: PC (Domain: CAM) is not aware of remote desktop connection credentials. This user has admin rights on the machine E. This user somehow obtains the login credentials on the Server.
Test Conditions I
a) D is remotely connected to server A and has no activity on the server.
b) i) C connects remotely to server A and schedules a script (PowerShell), a third-party tool (PsExec) or a DOS script to clear the contents of the event logs
ii) C logs out from the remote session after the event log clearance scheduled task is set up
iii) D is still connected
c) D eventually logs out after the logs have been cleared.
Results:
Event ID 517 (528 or 540, whichever is relevant) and any other relevant Windows event for each case, i.e. PowerShell, PsExec, DOS.
Do we need to stop the Event Viewer service before the DOS script can be run? (Script for stopping Event Viewer)
Test Conditions II
i. D is remotely connected to server A and has no activity
ii. C connects to Server B and schedules a REMOTE script (PowerShell), a third-party tool (PsExec) or a DOS script to clear the contents of the event logs from .
iii. C logs out after the event log clearance scheduled task is set up.
iv. D is still connected
v. D eventually logs out after the logs have been cleared.
Results:
Event ID 517 (528 or 540, whichever is relevant) and any other relevant Windows event for each case, i.e. PowerShell, PsExec, DOS.
Do we need to stop the Event Viewer service before the DOS script can be run? (Script for stopping Event Viewer)
Test Conditions III
a. E downloads PsExec on his machine
b. E can start Event Viewer remotely on the server A
c. E can also write a PowerShell script and run it remotely on the server A
d. Both C and D are connected remotely to the server
Results:
Event ID 517 (528 or 540, whichever is relevant) and any other relevant Windows event for each case, i.e. PowerShell, PsExec, DOS.
Can Winevtutil be used in Windows 2003?
Shalu S.