Re: Re: Auditing only Specific Users logons
From: lforbes (UseLinkToEmail_at_WindowsForumz.com)
Date: 02/16/05
- Next message: lforbes: "Re: Add one icon to desktop through group policy"
- Previous message: lforbes: "Re: Re: run only allowed windows applications"
- In reply to: Steven L Umbach: "Re: Auditing only Specific Users logons"
- Messages sorted by: [ date ] [ thread ]
Date: 16 Feb 2005 14:29:49 -0500
"Steven L Umbach2" wrote:
> Unfortunately in Windows 2000 the last logon timestamp is not replicated
> among domain controllers which is why you experience what you do. You would
> have to run your report on all domain controllers to see what is going on
> which may of course be very tedious if you have more than a few domain
> controllers. As far as auditing you can only do it in an all or none fashion
> for domain users. Auditing of "account logons" would have to be enabled in
> Domain Controller Security Policy and then an account logon event will be
> logged on the domain controller that authenticated the user. Event Comb
> [free MS download] can be used to scan the security logs of multiple domain
> controllers for specific Event IDs or text strings which can make that job
> easier. The last logon timestamp does replicate on Windows 2003 domain
> controllers. You could easily add all those users from your OU to a global
> group and then add that group to "deny logon locally" for Domain Security
> Policy to try to flush out any survivors. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;308471 -- EventComb.
>
> "lforbes" <UseLinkToEmail@WindowsForumz.com> wrote in message
> news:4207b408$1_2@alt.athenanews.com...
> > Hi,
> >
> > I am currently cleaning out my Active Directory Database of old User
> > accounts. We have a high turnover so I have about 800 accounts marked
> > for deletion.
> >
> > I ran a vbscript to list last logon, but for some reason the script
> > keeps coming up with different dates and doesn't seem accurate
> > depending on the DC authenticating.
> >
> > I want to enable logon Auditing for the OU of users that are marked
> > for deletion. If they haven't logged in in a month I want to delete
> > them.
> >
> > The problem is that I can only find how to enable Auditing via
> > computer and not user. I haven't done auditing before so I am sure I
> > am missing something. How do I enable logon auditing for only the 800
> > users in the one OU?
> >
> > Thanks
> >
> > Lara
Hi,
Thanks. I just ended up disabling them and deleting them. The HR
dept. is definitely not organized enough to let me know. In a perfect
world --- =)
Thanks for the info on the Last login. I only have two DCs so it
won't take much to do.
Cheers,
Lara
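
Added example, not part of the original thread: the per-DC check Steven describes, written in PowerShell. Because lastLogon is not replicated, the true value for an account is the highest one any DC holds. The function name, DC names, accounts and dates are constructed for illustration, and the commented query assumes the ActiveDirectory module and a placeholder $ou.

```powershell
# Added example: lastLogon is stored per DC, so the true value is the maximum across DCs.
function Get-TrueLastLogon {
    param(
        [Parameter(Mandatory)] [object[]] $Records,  # objects with DC, SamAccountName, LastLogon (FILETIME)
        [Parameter(Mandatory)] [datetime] $Cutoff    # no logon on or after this date means stale
    )
    $Records | Group-Object SamAccountName | ForEach-Object {
        # Highest FILETIME wins; 0 or empty means the DC never authenticated the account.
        $best = $_.Group | Sort-Object { [int64]$_.LastLogon } -Descending | Select-Object -First 1
        $ft   = [int64]$best.LastLogon
        $when = if ($ft -gt 0) { [datetime]::FromFileTimeUtc($ft) } else { $null }
        [pscustomobject]@{
            SamAccountName = $_.Name
            LastLogonUtc   = $when
            SeenOnDC       = if ($when) { $best.DC } else { $null }
            Stale          = (-not $when) -or ($when -lt $Cutoff)
        }
    }
}

# Against a live domain the records would be collected from every DC, for example:
# $records = Get-ADDomainController -Filter * | ForEach-Object {
#     $dc = $_.HostName
#     Get-ADUser -Filter * -SearchBase $ou -Server $dc -Properties lastLogon |
#         Select-Object @{n='DC';e={$dc}}, SamAccountName, @{n='LastLogon';e={$_.lastLogon}}
# }

# Constructed sample data: what two DCs (hypothetical DC1 and DC2) report for three accounts.
$sample = @(
    [pscustomobject]@{ DC='DC1'; SamAccountName='jdoe';   LastLogon=([datetime]'2004-11-02').ToFileTimeUtc() }
    [pscustomobject]@{ DC='DC2'; SamAccountName='jdoe';   LastLogon=([datetime]'2005-02-10').ToFileTimeUtc() }
    [pscustomobject]@{ DC='DC1'; SamAccountName='asmith'; LastLogon=([datetime]'2004-12-01').ToFileTimeUtc() }
    [pscustomobject]@{ DC='DC2'; SamAccountName='asmith'; LastLogon=0 }
    [pscustomobject]@{ DC='DC1'; SamAccountName='temp01'; LastLogon=$null }
    [pscustomobject]@{ DC='DC2'; SamAccountName='temp01'; LastLogon=0 }
)

# Cutoff is one month before the date of the thread.
Get-TrueLastLogon -Records $sample -Cutoff ([datetime]'2005-01-16') | Format-Table -AutoSize
```

In the sample, a report run against DC1 alone would show jdoe as inactive since November, while DC2 holds a February logon; only the merged view separates accounts that are really unused from ones that simply authenticate elsewhere.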