Solved

Monitor user logins

Posted on 2010-11-11
7
434 Views
Last Modified: 2012-05-10
I am looking for the easiest way to just view user login authentication on our network.
0
Comment
Question by:drgleockler
7 Comments
 
LVL 13

Expert Comment

by:BCipollone
ID: 34115808
You should be able to view this through eventvwr
0
 

Author Comment

by:drgleockler
ID: 34115823
I can see a PC name but not the user account in the security log. Is there a certain event id to look for?
0
 
LVL 5

Expert Comment

by:TheMetalicOne
ID: 34115839
Agreed, by default all your users authentication requests are logged on the domain controller in the security log.  When reviewing the log you can easily filter it out to follow a specific user if you wish.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 5

Accepted Solution

by:
TheMetalicOne earned 500 total points
ID: 34115852
Look for the category Logon/Logoff or event ID 540

You can also right click on the security log and go to properties, click on the filter tab and then you can enter in the username if you wish.
0
 
LVL 16

Expert Comment

by:ThinkPaper
ID: 34115868
Not sure if this is what you're looking for, but I posted a related question a while back regarding an easy way to keep track of users and what machines they logged on to. If you're up to the task (requires some vbscript and access to the AD "Description" field, it might be one way to go about it...

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24773750.html
0
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 34116220
If you're actively auditing the Logon Events, you'll capture the usernames.  Sometimes though, sorting through those security logs on the dc can be time consuming.  Keep in mind too, that each DC maintains it's own logs.

A nice MS utility, EVENT COMB tool will help alot, worth checking out.  Sure, it can take a while to sort through the multiple DCs, but at least it's a single interface.
http://support.microsoft.com/kb/308471
0
 

Author Comment

by:drgleockler
ID: 34136785
Is the logon event id different for Windows Server 2008 R2?
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question