AUDIT PROBLEM USERS

At one time or another, most administrators end up dealing with a problem user. In some cases, the problems aren't the user's fault; instead, the issues stem from the user's profile, account, or other reasons beyond the user's control.

In other cases, however, it's the user who's at fault. This can involve constantly forgetting or using the wrong password, incorrectly typing the account name, attempting logon at prohibited times, or even trying to access resources for which he or she has no permissions.

Whichever type of user you're dealing with, auditing the user can help you identify problem sources and develop a long-term solution -- even if the solution is training or eventual termination.

Which types of events you audit for a given user depends on the problem area. For example, if a user is having trouble logging in or attempts to log in during unauthorized hours, you should audit account logon. Track object access to determine when a user attempts to access a resource such as a folder or file. Audit other events as appropriate according to the problems the user is having.