Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Monitor user logins

Posted on 2010-11-11
7
Medium Priority
?
437 Views
Last Modified: 2012-05-10
I am looking for the easiest way to just view user login authentication on our network.
0
Comment
Question by:drgleockler
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 13

Expert Comment

by:BCipollone
ID: 34115808
You should be able to view this through eventvwr
0
 

Author Comment

by:drgleockler
ID: 34115823
I can see a PC name but not the user account in the security log. Is there a certain event id to look for?
0
 
LVL 5

Expert Comment

by:TheMetalicOne
ID: 34115839
Agreed, by default all your users authentication requests are logged on the domain controller in the security log.  When reviewing the log you can easily filter it out to follow a specific user if you wish.
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 5

Accepted Solution

by:
TheMetalicOne earned 2000 total points
ID: 34115852
Look for the category Logon/Logoff or event ID 540

You can also right click on the security log and go to properties, click on the filter tab and then you can enter in the username if you wish.
0
 
LVL 16

Expert Comment

by:ThinkPaper
ID: 34115868
Not sure if this is what you're looking for, but I posted a related question a while back regarding an easy way to keep track of users and what machines they logged on to. If you're up to the task (requires some vbscript and access to the AD "Description" field, it might be one way to go about it...

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24773750.html
0
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 34116220
If you're actively auditing the Logon Events, you'll capture the usernames.  Sometimes though, sorting through those security logs on the dc can be time consuming.  Keep in mind too, that each DC maintains it's own logs.

A nice MS utility, EVENT COMB tool will help alot, worth checking out.  Sure, it can take a while to sort through the multiple DCs, but at least it's a single interface.
http://support.microsoft.com/kb/308471
0
 

Author Comment

by:drgleockler
ID: 34136785
Is the logon event id different for Windows Server 2008 R2?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question