Solved

Monitor user logins

Posted on 2010-11-11
7
433 Views
Last Modified: 2012-05-10
I am looking for the easiest way to just view user login authentication on our network.
0
Comment
Question by:drgleockler
7 Comments
 
LVL 13

Expert Comment

by:BCipollone
ID: 34115808
You should be able to view this through eventvwr
0
 

Author Comment

by:drgleockler
ID: 34115823
I can see a PC name but not the user account in the security log. Is there a certain event id to look for?
0
 
LVL 5

Expert Comment

by:TheMetalicOne
ID: 34115839
Agreed, by default all your users authentication requests are logged on the domain controller in the security log.  When reviewing the log you can easily filter it out to follow a specific user if you wish.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 5

Accepted Solution

by:
TheMetalicOne earned 500 total points
ID: 34115852
Look for the category Logon/Logoff or event ID 540

You can also right click on the security log and go to properties, click on the filter tab and then you can enter in the username if you wish.
0
 
LVL 16

Expert Comment

by:ThinkPaper
ID: 34115868
Not sure if this is what you're looking for, but I posted a related question a while back regarding an easy way to keep track of users and what machines they logged on to. If you're up to the task (requires some vbscript and access to the AD "Description" field, it might be one way to go about it...

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24773750.html
0
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 34116220
If you're actively auditing the Logon Events, you'll capture the usernames.  Sometimes though, sorting through those security logs on the dc can be time consuming.  Keep in mind too, that each DC maintains it's own logs.

A nice MS utility, EVENT COMB tool will help alot, worth checking out.  Sure, it can take a while to sort through the multiple DCs, but at least it's a single interface.
http://support.microsoft.com/kb/308471
0
 

Author Comment

by:drgleockler
ID: 34136785
Is the logon event id different for Windows Server 2008 R2?
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question