Re: user Login Time [WILDPACKET}

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "Herb Martin" <news@xxxxxxxxxxxxxx>
Date: Mon, 5 Dec 2005 08:24:55 -0800

"WILDPACKET" <WILDPACKET@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D60AE514-56F9-4148-AD7D-2E75CF4CB210@xxxxxxxxxxxxxxxx
> user logged in at 8:00 a.m. she says. Can I check if she is not lying?
>
> Auditing is enabled, I guess it also depends which server authenticated
> her?
>
> Please advise.

Not 100% reliably (if you see she DID log in then you know
she is telling the truth BUT if you do not see it then you may
not be 100% sure she is not.)

In a Domain:
Activate Account Logon auditing. Check (all of) the DCs
security logs for her logon time (tomorrow etc.)

Domain or NOT:
Active Logon Auditing. Check her machine security log for
Logon time. This is pretty reliable once the Loging is activated
the first time.

In a Domain you can use a GPO to enable either/both types of
auditing.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

.

Follow-Ups:
- Re: user Login Time [WILDPACKET}
  - From: NetTransplant

Prev by Date: Re: Kerberos KRB_AP_ERR_MODIFIED error
Next by Date: Re: Regarding time server Problem
Previous by thread: Regarding time server Problem
Next by thread: Re: user Login Time [WILDPACKET}
Index(es):
- Date
- Thread

Relevant Pages

Re: user Login Time [WILDPACKET}
... > Activate Account Logon auditing. ... > security logs for her logon time ... > Accelerated MCSE ...
(microsoft.public.windows.server.active_directory)
RE: Question about Active Directory and last time user has logged on
... I have to display the last logon time to the user when he/she initiates ... This is a request from auditing. ... It makes gathering info from AD a lot easier. ... Question about Active Directory and last time user has logged on ...
(Security-Basics)
Re: Permissions required for the Cluster service account?
... security logs on the servers involved and having auditing for logon events ... for success and failure and privilege use for failure can ... I need to know the exact security permisssions required for the cluster ...
(microsoft.public.windows.server.security)
Re: Find who renamed an OU
... to find anything about this online. ... I even tested it in our lab and ... the security logs didn't log anything when I renamed an OU. ... Only if you were already Auditing -- which is unlikely. ...
(microsoft.public.windows.server.active_directory)
RE: Event Logs - Security
... you can use to Provide a permission to a user to look security Logs ... assignments-->Manage Auditing & Security Log ... Which by default has administrator, you can add another user in it ...
(microsoft.public.win2000.security)