concordit
asked on
Logon history in Active directory...
Is there a decent tool that I can use to see login history per-workstation? In other words who has logged into a particular machine using their active directory account over the last 24 hours or so.
Thanks!
Thanks!
ASKER
Are you saying change the security policy on the individual machines or on the mail GPO on the domain controller? Also woudl the logs fill up very quickly with login/logout information?
You are not changing a policy you are enabling an auditing option on the GPO within the AD. Comparatively, the event log will see additional entries and would fill up quicker then prior. Adjusting the amount of space allocated for the log as well as setting the duration after which old events are discarded would reduce the possibility that the event log will fill up.
You only need to enable the auditing option on the domain policy.
You only need to enable the auditing option on the domain policy.
i did something a little differently
i also found that there was nothing that really did the job that i wanted without enabling the auditing which puts a lot of strain on the servers, so i used vbscript to keep a history of who signed on to the servers,
i created a SQL DB and as a login script using VBS i right to 2 tables one is a login history which shows all logons for all users on the respective workstations and it goves some other information about the workstations, and the second is current user which determines the who was the last person to sign on to the workstation and keeps that inforation there.
every time a user signs on to a workstation it updates both tables.
you can also write to the log when they logoff
this has no foortprint on the workstation or on the server it also only transfers about 2k of data accross the network
my logon script does a thousand other things so i can not post that here but if you need help with the script and DB let me know and i can at least guide you
regards
Zane
i also found that there was nothing that really did the job that i wanted without enabling the auditing which puts a lot of strain on the servers, so i used vbscript to keep a history of who signed on to the servers,
i created a SQL DB and as a login script using VBS i right to 2 tables one is a login history which shows all logons for all users on the respective workstations and it goves some other information about the workstations, and the second is current user which determines the who was the last person to sign on to the workstation and keeps that inforation there.
every time a user signs on to a workstation it updates both tables.
you can also write to the log when they logoff
this has no foortprint on the workstation or on the server it also only transfers about 2k of data accross the network
my logon script does a thousand other things so i can not post that here but if you need help with the script and DB let me know and i can at least guide you
regards
Zane
ASKER
Zane - sorry for the delay. I would like some guidance on this script. If you can post it that would be cool.
Thanks!
Thanks!
ASKER
Whoop - ignore that last comment, I saw that you said you "cant" post it. Some guidance would be helpful, maybe just that segment that writes to the SQLDB?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Any news? did it work?
Hi Dude,
Does it Record the Local Admin Login As Well,
Also So Far I havent Enabled the Audit Option on the AD. Is there any Way I can Pull Out the Details like The User Name, Session Time (Login/logout Time) and the Login type
Especially I Need the report of Local Admin Loging Made. is it Possible??
Does it Record the Local Admin Login As Well,
Also So Far I havent Enabled the Audit Option on the AD. Is there any Way I can Pull Out the Details like The User Name, Session Time (Login/logout Time) and the Login type
Especially I Need the report of Local Admin Loging Made. is it Possible??
If audit policy is enabled on the local system, you will be able to see the data in the security log of the local system. You should probably open a separate question for yourself and reference this one as a starting point for your response. Pull would involve using a Script to connect to each workstation and retrieve its security event log.
Once enabled, the login/logout events will be logged in the security log on the DC's event log.
You can then scan through the security log.
Try http://www.microsoft.com/technet/sysinternals/default.mspx. I would think the above change to the GPO of the computers would be a requirement.