Windows domain user logging -- tracking behavior

Posted on 2005-04-08
Last Modified: 2010-04-11
I would like to log the activity of users on my windows 2000 domain at my office. This includes the IP of the user at the time of login and any other user information available then. It also includes accesses or attempted accesses to folders. The kind of things I'd like to know are:

1) NewEmployee logged in through VPN (served from windows 2k server)
2) 20 failed login attempts were made to the Administrator account
3) DisgruntledEmployee tried and failed to access SecureFolder on the network share
4) DisgruntledEmployee2 succeeded in accessing the SecureFolder  on the network share

How does my sysadmin set this up?

Many thanks.
Question by:axmurderer
    LVL 11

    Accepted Solution

    For points 3) and 4) you can certainly use auditing (use these documents as a start):
    For point 2) you can peruse security log on your systems and again define an audit policy.
    As for your first point, it depends on the kind of logging you need: if you only have to determine who logged in, then you can always refer to windows' security logs; if instead you need to monitor your firewall/other apparate you use for VPN, it depends on the specific hardware you used.
    Hope it helps, Elbereth.
    LVL 6

    Assisted Solution

    Once you have done the above mentioned steps, you can also have the sys admins look at this document to further secure your network.


    Good luck and stay secure.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
    Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now