Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Event Viewer showing multiple logon/logoff events

Posted on 2004-10-25
7
Medium Priority
?
1,901 Views
Last Modified: 2007-12-19
The Event Viewer is showing from 5-11 events per user logon/logoff. Filters did not work to satisfaction. An example is here:
 Type      Date      Time      Source      Category      Event      User      Computer
Success Audit      10/21/2004      3:38:50 PM      Security      Logon/Logoff       538      SYSTEM      528-WINSERVER2
Success Audit      10/21/2004      3:38:50 PM      Security      Logon/Logoff       538      SYSTEM      528-WINSERVER2
Success Audit      10/21/2004      3:38:50 PM      Security      Logon/Logoff       538      SYSTEM      528-WINSERVER2
Success Audit      10/21/2004      3:38:50 PM      Security      Logon/Logoff       540      SYSTEM      528-WINSERVER2
Success Audit      10/21/2004      3:38:50 PM      Security      Privilege Use       576      SYSTEM      528-WINSERVER2
Success Audit      10/21/2004      3:38:50 PM      Security      Logon/Logoff       540      SYSTEM      528-WINSERVER2
Success Audit      10/21/2004      3:38:50 PM      Security      Privilege Use       576      SYSTEM      528-WINSERVER2
Success Audit      10/21/2004      3:38:50 PM      Security      Logon/Logoff       540      SYSTEM      528-WINSERVER2
Success Audit      10/21/2004      3:38:50 PM      Security      Privilege Use       576      SYSTEM      528-WINSERVER2
Success Audit      10/21/2004      3:38:50 PM      Security      Logon/Logoff       540      SYSTEM      528-WINSERVER2
Success Audit      10/21/2004      3:38:50 PM      Security      Privilege Use       576      SYSTEM      528-WINSERVER2
Success Audit      10/21/2004      3:38:43 PM      Security      System Event       517      SYSTEM      528-WINSERVER2


---This was one person logging into their system - Any ideas or known fixes?
0
Comment
Question by:tcpfargo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
7 Comments
 
LVL 18

Expert Comment

by:crissand
ID: 12402672
Yes, you can change the security audit to only the events that you want. The filters from event viewer are only for viewing events, not for registering in audit log.
0
 
LVL 3

Accepted Solution

by:
kelo501 earned 1000 total points
ID: 12404187
You can change the logging filter in the defult domain policy.

To reach the Default Domain Policy GPO, open the Microsoft Management Console—MMC—Active Directory Users and Computers snap-in, select your domain's root, right-click, select Properties, then click the Group Policy tab.

You can also download the GPMC at this link and make your changes with it.
http://www.microsoft.com/windowsserver2003/gpmc/default.mspx

kelo501
0
 

Author Comment

by:tcpfargo
ID: 12426970
Thanks guys. The 2nd reponse I think is in the right direction. But what is done in the group policy tab once we are there. Will the GPMC filter these out? Also the User id says "system" not the user name. I will be adding more points to this once we can get a little closer to the solution.
0
 
LVL 3

Expert Comment

by:kelo501
ID: 12429113
once you are there click:
Security Settings > LocalPolicy > Audit Policy

in the right pane will be the objects you can configure.  Select one and right click properties to configure.

If you use the Group Policy Managment Console there is alot more information provide for each setting when you highlight it.

If you need anything let me know.

kelo
0
 
LVL 18

Expert Comment

by:crissand
ID: 14101423
No objections.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question