Solved

login auditing

Posted on 2003-10-22
8
140 Views
Last Modified: 2010-04-14
Is it possible too log everytime someone logs into and out of a client in my domain from a domain controller?
0
Comment
Question by:donnatronious
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 11

Accepted Solution

by:
adonis1976 earned 125 total points
ID: 9603061
yeah, enable object access auditing.
0
 
LVL 41

Expert Comment

by:graye
ID: 9604059
Let's be clear....

If you want to know when anybody logs into their domain account anywhere in the network, then you turn on auditing at the Domain Controllers for:
    Audit Account Login Events

But, if you want to know when somebody logs into a specific PC (with either or domain or local acount), then you turn on auditing on that PC for:
    Audit Login Events

...or both!
0
 

Author Comment

by:donnatronious
ID: 9604095
this is under the group policy of the domain controller right?
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 17

Expert Comment

by:paulop1975
ID: 9604103
To accomplish this you'll need to open Control Panel -> Administrative Tools -> Local Security Policy and on the left-pane select Local Policies\Audit Policies.
Then on the right-pane you should be able to see "Audit Account Logon Event" (this one you're looing for) and many other.

Good hunting!
;)
0
 
LVL 17

Expert Comment

by:paulop1975
ID: 9604115
For the Server version of Windows it should be similar.
Sorry but I don't remember the correct way to get to Global Policies. Mine is Windows 2000 Professional.
:(

Good luck on the search!

pAul0|PIm3NTA
0
 
LVL 17

Expert Comment

by:paulop1975
ID: 9604120
Thursday, October 23, 2003
4:12 AM
No cigarettes left......... shouldn't I be sleeping??
:S
0
 

Author Comment

by:donnatronious
ID: 9604170
hmm, I thought I put a comment a minute ago but it didn't show up.

My goal which I should have made clear in the original question is too see failures when someone tries too authenticate with an incorrect password.  adonis1976's solution accomplishes this but graye and paulop1975 do not.  I just tested it.

Thanks

0
 
LVL 41

Expert Comment

by:graye
ID: 9605968
Not to belabor the point... but one of the major difference in Audit Login Events and Audit Account Login Events is... "Audit Login Event" will only capture events where the UserID is valid... whereas "Audit Account Login Events" will capture events where the UserID doesn't even exist.

That's why they are almost always used together...  one to discover UserID guessing, and one to discover Password guessing.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Loss of RDP via youngzsoft.com/cn 4 245
kerberos errors 7 555
Windows 2012 R2 DC compatibility Windows 2000 Servers and Windows XP 9 616
Migrating from IIS5 to IIS8.5 3 180
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article describes a method of delivering Word templates for use in merging Access data to Word documents, that requires no computer knowledge on the part of the recipient -- the templates are saved in table fields, and are extracted and install…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question