Solved

Monitor user logins

Posted on 2010-11-11
7
435 Views
Last Modified: 2012-05-10
I am looking for the easiest way to just view user login authentication on our network.
0
Comment
Question by:drgleockler
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 13

Expert Comment

by:BCipollone
ID: 34115808
You should be able to view this through eventvwr
0
 

Author Comment

by:drgleockler
ID: 34115823
I can see a PC name but not the user account in the security log. Is there a certain event id to look for?
0
 
LVL 5

Expert Comment

by:TheMetalicOne
ID: 34115839
Agreed, by default all your users authentication requests are logged on the domain controller in the security log.  When reviewing the log you can easily filter it out to follow a specific user if you wish.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 5

Accepted Solution

by:
TheMetalicOne earned 500 total points
ID: 34115852
Look for the category Logon/Logoff or event ID 540

You can also right click on the security log and go to properties, click on the filter tab and then you can enter in the username if you wish.
0
 
LVL 16

Expert Comment

by:ThinkPaper
ID: 34115868
Not sure if this is what you're looking for, but I posted a related question a while back regarding an easy way to keep track of users and what machines they logged on to. If you're up to the task (requires some vbscript and access to the AD "Description" field, it might be one way to go about it...

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24773750.html
0
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 34116220
If you're actively auditing the Logon Events, you'll capture the usernames.  Sometimes though, sorting through those security logs on the dc can be time consuming.  Keep in mind too, that each DC maintains it's own logs.

A nice MS utility, EVENT COMB tool will help alot, worth checking out.  Sure, it can take a while to sort through the multiple DCs, but at least it's a single interface.
http://support.microsoft.com/kb/308471
0
 

Author Comment

by:drgleockler
ID: 34136785
Is the logon event id different for Windows Server 2008 R2?
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question