Monitoring "specific user" login activities

Posted on 2010-04-06
Medium Priority
Last Modified: 2012-06-27
Is there a way to monitor, or log, whenever a specific username is used on the domain? To watch when the account was used throughout the day, and what computers/servers it was used on?

Using a Server 2003 AD domain with Windows XP computers...  on 6 sites... all sites see each other.
Question by:OdyChris

Accepted Solution

andeporter earned 500 total points
ID: 29940404
Check the event logs of the domain controller?

Author Comment

ID: 29940777
Yeah thats what I was afraid of... :( I have 12 DCs, 2 at each site... :(
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 29941299
Third part tools can really help with event log management.  You could also give eventcomb a try


It is a free tool from Microsoft, haven't tested against 12 DCs myself.



Assisted Solution

technics1 earned 500 total points
ID: 29941679
Manage Engine AD Audit, you can download the software, its free for 30 days.
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 500 total points
ID: 29995108

I used a minor modification of this method to capture logon / logoff events:


It'll only give you interactive logon and won't help at all if everyone just locks their machines (or wanders away with them unlocked). But it's free, very easy to implement and gets you some of the tracking you're after.



Featured Post

2018 Annual Membership Survey

Here at Experts Exchange, we strive to give members the best experience. Help us improve the site by taking this survey today! (Bonus: Be entered to win a great tech prize for participating!)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

592 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question