Restart or Shutdown Windows (XP, 2000 and Vista) from Command Line or One-Click Shortcut

June 17, 2009
To shut down or restart Windows with a one-click shortcut or from the command line, use the shutdown command-line utility that comes with Windows 2000 (with the Resource Kit installed) and natively with Windows XP and Windows Vista. To access the shutdown command, open a command prompt by clicking Start -> All Programs -> Accessories -> Command Prompt, or click Start -> Run and type cmd.

Type shutdown -s -t 01. Here "01" is the time before shutdown, in seconds.

For a brief description of the shutdown command, type shutdown /? at the command line.





How To Monitor for Unauthorized User Access in Windows 2000

June 17, 2009
Summary:

This article describes how to monitor your system for unauthorized user access. There are two main steps: enabling security auditing and viewing the security logs. Note that different systems have different security needs, and the security topic is complex. Any user who sets up security audits on your system must be assigned to administrative groups or be given security rights and privileges.


How to Enable Security Auditing

You set up security auditing differently depending on whether the computer is a standalone computer or a domain controller.

Standalone Servers, Member Servers, or Windows 2000 Professional

  1. Click Start, click Run, type mmc /a, and then click OK.
  2. On the Console menu, click Add/Remove Snap-in, and then click Add.
  3. Under Snap-in, click Group Policy, and then click Add.
  4. In the Select Group Policy Object box, click Local Computer, click Finish, click Close, and then click OK.
  5. In the Local Computer Policy box, click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click Audit Policy.
  6. In the details pane, click Audit logon events.
  7. Click Action, click Security, select Unsuccessful logon attempts, and then click OK.

Windows 2000-Based Domain Controllers

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. In the console tree, click Domain Controllers.
  3. Click Action, and then click Properties.
  4. Click the Group Policy tab, click Default Domain Controllers Policy, and then click Edit.
  5. Click to expand Computer Configuration, Windows Settings, Security Settings, Local Policies, and then Audit Policy.
  6. In the details pane, click Audit logon events.
  7. On the Action menu, click Security, click to select the Define these policy settings check box, click to select the Failure check box, and then click OK.

How to View Security Logs

  1. Click Start, point to Programs, point to Administrative Tools, and then click Event Viewer.
  2. In the console tree, click Security log.
  3. Look in the details pane for information about the event you want to view, and then double-click the event.

Troubleshooting

  • If your computer is connected to a network, security logging may be restricted or disabled by a network policy.
  • The security log is limited in size; carefully select the events to be audited and consider the amount of disk space you are willing to devote to the security log.
  • If security auditing is enabled on a remote computer, you can view the event logs remotely with Event Viewer. Start a Microsoft Management Console (MMC) console in Author mode, and then add Event Viewer to the console. When you are prompted to specify which computer the snap-in will manage, click Another computer, and then type the name of the remote computer.
  • Security auditing for workstations, member servers, and domain controllers can be enabled remotely only by domain administrators. To do this, create an organizational unit, add the appropriate machine accounts to the organizational unit, and then use Active Directory Users and Computers to create a policy to enable security auditing.

How to determine whether users changed their passwords before an account lockout

June 17, 2009
Summary:

This step-by-step article describes how to determine whether users changed their passwords before an account lockout. You may want to configure an audit account management policy to determine whether users changed their passwords before an account lockout occurred. This policy may be useful when users forget their new passwords, or when users continue to use their old passwords.


Audit Account Management in Microsoft Windows 2000 Server and Windows Server 2003

  1. Click Start, and then click Run.
  2. In the Open box, type mmc, and then click OK.
  3. On the Console menu, click Add/Remove Snap-in, and then click Add.
  4. In the Add Standalone Snap-in dialog box, click Group Policy, click Add, click Finish, click Close, and then click OK.
  5. Double-click Local Computer Policy, and then double-click Computer Configuration.
  6. Double-click Windows Settings, and then double-click Security Settings.
  7. Double-click Local Policies, and then double-click Audit Policy.
  8. In the right pane, double-click Audit account management.
  9. In the Local Security Policy Setting dialog box, click to select the Success and the Failure check boxes, and then click OK.
  10. Click Start, point to Programs, point to Administrative Tools, and then click Event Viewer.
  11. Click Security Log, and then in the right pane, double-click Success Audit or Failure Audit.



Audit Account Management in Microsoft Windows NT 4.0

  1. Click Start, point to Programs, point to Administrative Tools, and then click User Manager for Domains.
  2. Click Policies on the menu bar, and then click Audit.
  3. Click Audit These Events.
  4. Click to select the Failure check box for the Logon and Logoff event.
  5. Click to select the Success and the Failure check boxes for the User and Group Management event, and then click OK.
  6. Click Start, point to Programs, point to Administrative Tools, and then click Event Viewer.
  7. Click Log on the menu bar, and then click Security.
*******************************************************
The following is an example of an account management event:


Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 642
Date: 8/12/2008
Time: 3:13:33 PM
User: CONTOSO\administrator
Computer: CONTOSO-DCB
Description: User Account Changed:
Target Account Name: t
Target Domain: CONTOSO
Target Account ID: CONTOSO\t
Caller User Name: administrator
Caller Domain: CONTOSO
Caller Logon ID: (0x0,0x233FF)
Privileges: -
Changed Attributes:
Sam Account Name: -
Display Name: -
User Principal Name: -
Home Directory: -
Home Drive: -
Script Path: -
Profile Path: -
User Workstations: -
Password Last Set: 8/12/2008 3:13:33 PM
Account Expires: -
Primary Group ID: -
AllowedToDelegateTo: -
Old UAC Value: -
New UAC Value: -
User Account Control: -
User Parameters: -
Sid History: -
Logon Hours: -
**************************************************
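
As an added example (not part of the original article), this Python code parses event text in the form shown above and reports the latest password change for an account in the period before a lockout, along with who made the change. The lockout time, the 24-hour window and the function names are assumptions chosen for illustration; the sample is trimmed from the event above.

```python
from datetime import datetime, timedelta

STAMP = "%m/%d/%Y %I:%M:%S %p"   # timestamp format used in the sample event

# Sample trimmed from the event 642 text shown above.
SAMPLE_EVENT = """Event Type: Success Audit
Event ID: 642
Target Account Name: t
Target Domain: CONTOSO
Caller User Name: administrator
Password Last Set: 8/12/2008 3:13:33 PM
Account Expires: -
"""

def parse_event(text):
    """Turn the 'Field: value' lines of an event description into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split on the first colon only
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def password_set_time(event):
    """Return when the password was set, or None if this event did not set it."""
    if event.get("Event ID") != "642":
        return None
    value = event.get("Password Last Set", "-")
    if value == "-":            # the sample shows "-" for unchanged attributes
        return None
    return datetime.strptime(value, STAMP)

def changed_before_lockout(events, account, lockout_time,
                           window=timedelta(hours=24)):
    """Latest (time, caller) password change for `account` before the lockout."""
    hits = []
    for ev in events:
        when = password_set_time(ev)
        same = ev.get("Target Account Name", "").lower() == account.lower()
        if when is not None and same and lockout_time - window <= when <= lockout_time:
            # A caller other than the target means someone else reset the password.
            hits.append((when, ev.get("Caller User Name")))
    return max(hits, key=lambda h: h[0]) if hits else None
```
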

How to track users logon/logoff

June 17, 2009

The Auditing


Option 1:

1. Enable Auditing on the domain level by using Group Policy:

Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy

Two audit settings cover logons: Audit Logon Events and Audit Account Logon Events.

Audit Logon Events records logons on the PC(s) targeted by the policy; the results appear in the Security log on those PCs.

Audit Account Logon Events tracks logons to the domain; the results appear in the Security log on domain controllers only.


2. Create a logon script on the required domain/OU/user account with the following content:

echo %date%,%time%,%computername%,%username%,%sessionname%,%logonserver% >> \\SERVER\SHARENAME$\LOGON.LOG

3. Create a logoff script on the required domain/OU/user account with the following content:

echo %date%,%time%,%computername%,%username%,%sessionname%,%logonserver% >> \\SERVER\SHARENAME$\LOGOFF.LOG


Note: Be aware that unauthorized users can change these scripts, because SHARENAME$ must be writable by users.
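
As an added example (not part of the original post), this Python code reads the lines that the two scripts above append and pairs each logon with the next logoff for the same computer and user, setting aside malformed lines and logoffs with no matching logon. The sample lines are constructed and assume the US-English %date% and %time% formats; because the share is writable by users, the records are unauthenticated and should be cross-checked against the Security log.

```python
from datetime import datetime

# Constructed sample lines in the field order written by the scripts above.
LOGON_LOG = [
    r"Wed 06/17/2009, 9:05:12.34,PC01,alice,Console,\\DC01",
    r"Wed 06/17/2009, 9:07:40.10,PC02,bob,Console,\\DC01",
    r"Wed 06/17/2009,13:00:00.00,PC01,alice",            # truncated line
]
LOGOFF_LOG = [
    r"Wed 06/17/2009,17:30:02.88,PC01,alice,Console,\\DC01",
    r"Wed 06/17/2009,18:00:00.00,PC03,carol,Console,\\DC01",
]

def parse_line(line):
    """Return (timestamp, computer, user), or None if the line is malformed."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 6:
        return None
    try:
        # Drop the weekday from %date%, then join with %time% (hundredths).
        stamp = datetime.strptime(parts[0].split()[-1] + " " + parts[1],
                                  "%m/%d/%Y %H:%M:%S.%f")
    except (ValueError, IndexError):
        return None
    return stamp, parts[2].upper(), parts[3].lower()

def sessions(logon_lines, logoff_lines):
    """Pair logons with logoffs; report open sessions, orphans and bad lines."""
    events, rejected = [], []
    for kind, lines in (("on", logon_lines), ("off", logoff_lines)):
        for line in lines:
            rec = parse_line(line)
            if rec:
                events.append(rec + (kind,))
            else:
                rejected.append(line)
    open_at, closed, orphans = {}, [], []
    for stamp, pc, user, kind in sorted(events):
        key = (pc, user)
        if kind == "on":
            open_at[key] = stamp                  # latest logon wins
        elif key in open_at:
            closed.append((user, pc, stamp - open_at.pop(key)))
        else:
            orphans.append((user, pc, stamp))     # logoff with no logon record
    return closed, open_at, orphans, rejected
```
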


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Option 2:


Use WMI/ADSI to query each domain controller for logon/logoff events.

Technical help for a system administrator: RAID 5 overview

June 16, 2009

Technical help for a system administrator: regedit not opening

June 16, 2009

Technical help for a system administrator: Disabling USB storage on a Windows platform

June 16, 2009