djs120
asked on
Account Auditing
Environment: Windows 2003 native domain, Windows XP and 2000 clients.
My boss has requested we turn on account auditing to track when users log on and off. I've done this through the domain's default global policy: Computer Configuration -> Windows Settings -> Local Policies -> Audit Policy. It's working but unfortunately there's no log on/off events on the DC's only on the clients.
Is there a way, without using a MOM server, to centrally track user logon's and logoff's? We only have one domain in our forest and that domain only has 3 DC's so if centrally means logs are spread across the 3 DC's I'd be satisfied with that.
As an ancillary point I know that account auditing isn't really the tool to use to track when users are using the network or their computers so if anyone can present hard evidence which I can take to my boss I'd be most appreciative.
ASKER
I don't see how Syslogd would help me.
Besides I've found that by enabling auditing on the DC's I'm seeing login and logoff's in their Security Event Logs. Still, it's probably not what my boss wants to see but I can't help that.
BTW - they want to track user's hours. They beleive that if they can see when a user logins in and logs off that'd be a good representation of hours worked. What I've found is that this assumption doesn't take into account things like users who leave their computers on at night or idle connection timeouts.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Here's another:
http://www.timekron.com/timeclock/index.html
Pricing seems reasonable - $199 for a network license.
http://www.timekron.com/timeclock/index.html
Pricing seems reasonable - $199 for a network license.
ASKER
The log on/off scripts are interesting. I think this could get my superiors what they want for now. I'm already using login scripts for drive mapping so it'd be easy to add an extra line or two. Would the syntax be something like the following?
%username% >> c:\somefilename.txt
date /t >> c:\somefilename.txt
At this point it doesn't sound like they want to purchase anything at this point but I'll take a look at the links you've provided and perhaps offer them as a little better solution.
ASKER
I've got some additional follow-on work to complete this task but I'm satisfied my initial question was answered.
Thanks for the help!
That addition to the script should work, but it'll be on 2 lines and NOT provide the time.
This command:
echo %username%&date /t&time /t
...will give you what you want, but on 3 lines. Unless we use VBScript I think we're stuck with carriage returns after each command.
This command:
echo %username%&date /t&time /t
...will give you what you want, but on 3 lines. Unless we use VBScript I think we're stuck with carriage returns after each command.
It's called Syslogd.
I don't think it's extremely hard to configure, but the price is right.
I know what you're up against - these logs stay on the client - which makes little sense if you are trying to manage your security.
See if that tool will help you create a syslog on one of the servers.