?
Solved

Domain login history for user

Posted on 2010-09-01
8
Medium Priority
?
3,052 Views
Last Modified: 2012-05-10
for some security reason and investigation
i need some info on how to get:
user A's  login and logoff history for everyday for past one month.

i have some tools (eg jiji ad report) but those just gives last succesfull or failed login.ths it.
any idea on how to get this info.
0
Comment
Question by:KerryJB
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33574602
It depends on what you have configured to Audit, how big the log files are etc if you hvae configred the domain controller policy to log succesfull log ons and and your log files could cope with 1 months worth of logs then check the security logs on the domain controllers.
0
 
LVL 6

Expert Comment

by:M. Rashel Ahmed
ID: 33574653
you can see that in the event log. for more details, you can see it here: http://technet.microsoft.com/en-us/library/bb742435.aspx .


0
 
LVL 10

Expert Comment

by:wmeerza
ID: 33574664
on-going it would be better to create a logon/off script that records their activity. Much easier to audit in the long run.
For a login script:
  for /F "tokens=2 delims=:" %%K in ('ipconfig ^| find /I "IP Address"') do set IPADD=%%K
  echo logged on,%USERNAME%,%DATE%,%TIME%,%IPADD% >>"\\server\useraccess.txt"

For a logoff script:
  for /F "tokens=2 delims=:" %%K in ('ipconfig ^| find /I "IP Address"') do set IPADD=%%K
  echo logged off,%USERNAME%,%DATE%,%TIME%,%IPADD% >>"\\server\useraccess.txt"

Add these as .bat files to your default domain policy and then just use Excel to filter.
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 4

Expert Comment

by:Geek_Nabil
ID: 33574878
First check that in Audit policies you enabled "Audit account logon events".

0
 

Author Comment

by:KerryJB
ID: 33583879
auditing of account logon events is enabled. the problem is the size we set is not much.and we need the data for the month of june. is this possible in any way.?
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33584256
The event logs are stored in %SystemRoot%\System32\Config in files ending .evt if your backups were capturing that location/files you could restore the older files and review them.


0
 
LVL 4

Accepted Solution

by:
Geek_Nabil earned 500 total points
ID: 33601674
That is not possible unless as @MojoTech mentioned you have a backup, a log that is deleted is gone.
For future needs i suggest increasing the log file size, by right click on the log -> properties -> log size.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question