Domain login history for user

for some security reason and investigation
i need some info on how to get:
user A's  login and logoff history for everyday for past one month.

i have some tools (eg jiji ad report) but those just gives last succesfull or failed login.ths it.
any idea on how to get this info.
KerryJBAsked:
Who is Participating?
 
Geek_NabilCommented:
That is not possible unless as @MojoTech mentioned you have a backup, a log that is deleted is gone.
For future needs i suggest increasing the log file size, by right click on the log -> properties -> log size.
0
 
Mike ThomasConsultantCommented:
It depends on what you have configured to Audit, how big the log files are etc if you hvae configred the domain controller policy to log succesfull log ons and and your log files could cope with 1 months worth of logs then check the security logs on the domain controllers.
0
 
M. Rashel AhmedCommented:
you can see that in the event log. for more details, you can see it here: http://technet.microsoft.com/en-us/library/bb742435.aspx .


0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
wmeerzaCommented:
on-going it would be better to create a logon/off script that records their activity. Much easier to audit in the long run.
For a login script:
  for /F "tokens=2 delims=:" %%K in ('ipconfig ^| find /I "IP Address"') do set IPADD=%%K
  echo logged on,%USERNAME%,%DATE%,%TIME%,%IPADD% >>"\\server\useraccess.txt"

For a logoff script:
  for /F "tokens=2 delims=:" %%K in ('ipconfig ^| find /I "IP Address"') do set IPADD=%%K
  echo logged off,%USERNAME%,%DATE%,%TIME%,%IPADD% >>"\\server\useraccess.txt"

Add these as .bat files to your default domain policy and then just use Excel to filter.
0
 
Geek_NabilCommented:
First check that in Audit policies you enabled "Audit account logon events".

0
 
KerryJBAuthor Commented:
auditing of account logon events is enabled. the problem is the size we set is not much.and we need the data for the month of june. is this possible in any way.?
0
 
Mike ThomasConsultantCommented:
The event logs are stored in %SystemRoot%\System32\Config in files ending .evt if your backups were capturing that location/files you could restore the older files and review them.


0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.