What we did, it was unintentional but would work in this case, was to only look at Exchange logs. Since our admin accounts dont have email accounts and we dont allow outlook on servers, we dont see user-id's on servers since moving away from active-directory lookups.
Just a thought.
Thats a valid point @ce1028 but we never allow our servers to connect to tinternet.
as soon as a valid user is associated with the server it goes off and does all manner of things..
We could have achieved this via security policy but ignoring users works for us, not everybodys cup of tea...
others may haVe different reasons.
We have servers that get DNS (this is required to make the world work)
We have servers that connect to SMTP ( e-mail seems to be a requirement of modern living)
Servers that transfer business related files ( SFTP, FTPS, ETC...)
All these run as service accounts, they don't generate a USER-ID...
As soon as an admin logs in, they become the associated user of this "server" traffic. Anythign they may really be initiatin gets lost. So it's a bit pointless.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!