08-24-2007 10:54 AM
Hi,
We gave access to su01.we have given one user id to group of 10 people.one guy has changed password.Can we trace that guy I.P address of that guy.
Regards,
sekar
08-24-2007 11:08 AM
If you have the security audit log switched (SM20) on then you <i>might</i> be able to trace the IP.
Why did you give 1 user ID with access to 10 users? That is highly irresponsible especially if it is a production environment.
08-24-2007 3:35 PM
08-24-2007 12:39 PM
Hi Sekar,
Send an email to those 10 people asking them who changed the password.
If they do not know, then the person who changed the password can be the only one who would successfully be able to use that user, right?
Wait for that user to logon and do a LAN ping on the ID => that will give you the IP which <i>might</i> lead you to the person.
Good luck and I also agree with Alex that you should change your procedure.
Cheers,
Julius