[Last Call] Learn how to a build a cloud-first strategyRegister Now


Who was logged in (active directory) at a particular time

Posted on 2007-10-07
Medium Priority
Last Modified: 2013-11-29
i am wondering if it's possible to find out who was logged into a computer on a 2003 AD domain at a particular time. somebody stole a mobile phone that was sitting next to a computer after logging in and surfing the net for a while.

I have looked in the security event log on the domain controller but it doesn't go back far enough and the one on the computer is empty. is their any way to find out?

Question by:mwm83

Accepted Solution

JjcampNR earned 336 total points
ID: 20032183
Do you have a backup (including system state) for the DC?  If so, restore back to a spare machine using a time closer to the incident.

Assisted Solution

cpottercpotter earned 332 total points
ID: 20032290
You can tell who logged onto that machine at a particluar time by looking in the security event viewer logs of the DC's (no backup required). If there is several DC's you may need to check more than one.
LVL 70

Assisted Solution

KCTS earned 332 total points
ID: 20032675
If your security log does not go back far enough then you' ve had it, even with the security log its not that easy - though there are tools like Log Parser that can help http://www.microsoft.com/technet/scriptcenter/tools/logparser/default.mspx.

It might be a good idea for the future to put a procedure in place for archivibng the security log ay intervals so that the data is there next time.

This can easily be done by going into the security log on a regular basis and using "Save As", the file can then be exported to csv format and imported into your database/spreadsheet (where it is also easier to anaylse), before clearing the log.

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Securing your business data in current era should be your biggest priority. Numerous people are unaware of the fact that insiders commit more than 60 percent of security breaches. You need to figure out the underlying cause and invoke your potential…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question