• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 151
  • Last Modified:

login auditing

Is it possible too log everytime someone logs into and out of a client in my domain from a domain controller?
0
donnatronious
Asked:
donnatronious
  • 3
  • 2
  • 2
  • +1
1 Solution
 
adonis1976Commented:
yeah, enable object access auditing.
0
 
grayeCommented:
Let's be clear....

If you want to know when anybody logs into their domain account anywhere in the network, then you turn on auditing at the Domain Controllers for:
    Audit Account Login Events

But, if you want to know when somebody logs into a specific PC (with either or domain or local acount), then you turn on auditing on that PC for:
    Audit Login Events

...or both!
0
 
donnatroniousAuthor Commented:
this is under the group policy of the domain controller right?
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

 
paulop1975Commented:
To accomplish this you'll need to open Control Panel -> Administrative Tools -> Local Security Policy and on the left-pane select Local Policies\Audit Policies.
Then on the right-pane you should be able to see "Audit Account Logon Event" (this one you're looing for) and many other.

Good hunting!
;)
0
 
paulop1975Commented:
For the Server version of Windows it should be similar.
Sorry but I don't remember the correct way to get to Global Policies. Mine is Windows 2000 Professional.
:(

Good luck on the search!

pAul0|PIm3NTA
0
 
paulop1975Commented:
Thursday, October 23, 2003
4:12 AM
No cigarettes left......... shouldn't I be sleeping??
:S
0
 
donnatroniousAuthor Commented:
hmm, I thought I put a comment a minute ago but it didn't show up.

My goal which I should have made clear in the original question is too see failures when someone tries too authenticate with an incorrect password.  adonis1976's solution accomplishes this but graye and paulop1975 do not.  I just tested it.

Thanks

0
 
grayeCommented:
Not to belabor the point... but one of the major difference in Audit Login Events and Audit Account Login Events is... "Audit Login Event" will only capture events where the UserID is valid... whereas "Audit Account Login Events" will capture events where the UserID doesn't even exist.

That's why they are almost always used together...  one to discover UserID guessing, and one to discover Password guessing.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now