Re: Logon Log
- From: v-mileli@xxxxxxxxxxxxxxxxxxxx (Miles Li [MSFT])
- Date: Fri, 24 Jul 2009 10:45:15 GMT
Hello,
Thank you for posting here.
According to your description, I understand that:
You want to log the logon information of the domain users.
If I have misunderstood the problem, please don't hesitate to let me know.
Actually, there are several methods for this requirements:
Method 1:
You can try to enable the policy "Audit logon events" and then we can audit
the user logon/logoff events in the security log.
To enable the policy "Audit logon events", please perform the following
steps:
1. Logon Domain Controller using domain administrator.
2. Open default domain controller policy or create a new GPO at domain
level.
3. Click Local Computer Policy, click Computer Configuration, and then
click Windows Settings->Security Settings->Local Policies->Audit
Policy->Double click Audit logon events and Audit Account Logon
Events->Select Success and Failure. Click OK.
You can find the following information from the Windows Server 2003
Security Guide:
Audit Account Logon Events
Determines whether to audit each instance of a user logging on to or
logging off from another computer in which this computer is used to
validate the account. If you define this policy setting, you can specify
whether to audit successes, audit failures, or not audit the event type at
all. Success audits generate an audit entry when an account logon attempt
succeeds. Failure audits generate an audit entry when an account logon
attempt fails.
If success auditing for account logon events is enabled on a domain
controller, an entry is logged for each user who is validated against that
domain controller, even though the user is actually logging on to a
workstation that is joined to the domain.
Audit Logon Events
Determines whether to audit each instance of a user logging on to, logging
off from, or making a network connection to this computer. If you are
logging successful account logon audit events on a domain controller,
workstation logon attempts do not generate logon audits. Only interactive
and network logon attempts to the domain controller itself generate logon
events. In short, "account logon events" are generated where the account
lives; "logon events" are generated where the logon attempt occurs.
If you define this policy setting, you can specify whether to audit
successes, audit failures, or not audit the event type at all. Success
audits generate an audit entry when a logon attempt succeeds. Failure
audits generate an audit entry when a logon attempt fails.
Windows Server 2003 Security Guide
http://www.microsoft.com/downloads/details.aspx?FamilyID=8a2643c1-0685-4d89-
b655-521ea6c7b4db&displaylang=en
Method 2:
You can also add some lines to the logon and log off script to write
something to the server share log file.
@echo off
echo [%date% %time%] >>\\server\share\logon.log
echo %username% log on %computername% to damain: %userdomain%
\\server\share\logon.log
NOTE: you may need to give write permission to everyone to get the log
accessed by all users.
Method 3:
We can use a new tool called LimitLogin.
LimitLogin v1.0 is an application that adds the ability to limit concurrent
interactive user logons in an Active Directory domain. It can also keep
track of all logins information in Active Directory domains (without
necessarily enforcing logons quotas).
LimitLogin capabilities include:
?¡è Limiting the number of logins per user from any machine in the domain,
including Terminal Server sessions.
?¡è Displaying the logins information of any user in the domain according
to a specific criterion (e.g. all the logged-on sessions to a specific
client machine or Domain Controller, or all the machines a certain user is
currently logged on to).
?¡è Easy management and configuration by integrating to the Active
Directory MMC snap-ins.
?¡è Ability to delete and log off user session remotely straight from the
Active Directory Users and Computers MMC snap-in.
?¡è Generating Login information reports in CSV (Excel) and XML formats.
Please keep in mind that this tool is Not Supported (similar to a resource
kit tools).
More information regarding this tool is available in:
http://technet.microsoft.com/en-us/magazine/cc160794.aspx
If you have any questions or concerns, please do not hesitate to let me
know.
Best regards,
Miles Li
Microsoft Online Newsgroup Support
==================================================================
Please post your SBS 2008 related questions to the SBS newsgroup on Connect
website:
https://connect.microsoft.com/sbs08/community/discussion/richui/default.aspx
Please post your EBS related questions to the EBS newsgroup on Connect
website:
https://connect.microsoft.com/ebs08/community/discussion/richui/default.aspx
If you want to use a newsreader other than a web forum to access these
newsgroups,
please refer to the following blog to apply NNTP password and configure a
newsreader:
http://msmvps.com/blogs/bradley/archive/2008/11/02/signing-up-for-the-sbs-20
08-newsgroups.aspx
==================================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
==================================================================
.
- References:
- Logon Log
- From: John
- Re: Logon Log
- From: Cliff Galiher
- Re: Logon Log
- From: John
- Logon Log
- Prev by Date: RE: Routing problem on Sbs 2003
- Next by Date: Re: OMG Wot? Public folder permissions
- Previous by thread: Re: Logon Log
- Next by thread: Dell RD1000 and SBS 2008 backup
- Index(es):
Relevant Pages
|
Loading
