Re: logon/logoff logging...

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

>From my personal notes regarding this subject -



The two GPO settings below have been enabled for success and failure
auditing:



Default Domain Controllers Policy\Computer Configuration\Windows
Settings\Security Settings\Local Policies\Audit Policy\Audit account logon
events



Default Domain Controllers Policy\Computer Configuration\Windows
Settings\Security Settings\Local Policies\Audit Policy\Audit logon events



These settings were enabled specifically to audit domain user account
logons. The settings also audit computer account and system account logon
activities. The entries are logged to the Security Event Log of the
authenticating Domain Controller.



>From the Microsoft Windows Server 2003 Web site:



"If both account logon and logon audit policy categories are enabled, logons
that use a domain account generate a logon or logoff event on the
workstation or server, and they generate an account logon event on the
domain controller. Additionally, interactive logons to a member server or
workstation that use a domain account generate a logon event on the domain
controller as the logon scripts and policies are retrieved when a user logs
on."



Martin

MCSA: M



"Dave McDougall" <dave.mcdougall@xxxxxxxxxxxx> wrote in message
news:enKgqzR9FHA.1416@xxxxxxxxxxxxxxxxxxxxxxx
> Hey,
>
> How can I log my domain logons and logoffs? Is it on the domain controller
> in AD or is it something I should eb able to see using event viewer?
>
> I want to manage the security of my domain better by monitoring who is
> logging in and out each day.
>
> Thanks
> Dave
>


.

Relevant Pages

  • Re: Auditing User logon/logoff events.
    ... u say in the document like i enabled "Account logon events" only in domain ... Then i am getting 672,673 event ids in my domain controllers event viewer. ... can see this log in domain controller security log. ...
    (microsoft.public.win2000.security)
  • Re: remote desktop rights on domain controller
    ... First of for domain controllers user rights must be configured in Domain ... Controller Security Policy - not local policy. ... The user right for logon ... Group on the domain controller if using Windows 2003. ...
    (microsoft.public.windows.server.security)
  • Re: How to remove a cached password?
    ... See if another domain user can logon to it or not, ... a domain controller is that it has incorrect dns settings. ... The login used on the laptop is the same ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Why allow log on locally" is not configured by default??
    ... To logon locally you would have to be sitting in front of the console or use ... There are two policy under admin tools -> domain controller security ... Domain Controller policy impacts ALL dc's in your network. ... asking it if it is ok that this user log onto this workstation, ...
    (microsoft.public.windows.server.active_directory)
  • Re: user gets locked out frequently ... what to check for
    ... Enable auditing of account logon ... Scheduled Tasks with expired password, mapped drives using expired password, ... > Domain controller on Windows NT, RAS on Windows 2000, ...
    (microsoft.public.win2000.security)