Solved

Logon history - Is there a way to see who logged in to a Win2003 network over the weekend?

Posted on 2011-02-14
5
276 Views
Last Modified: 2012-05-11
I have been asked to find out who has logged into the network over the weekend. Is there a way to do this? Would some specific type of logging have to be enabled to do so? I am setting up a login script to create logs for all network logins, but this won't help for the past weekend.

Thanks.
0
Comment
Question by:BHForum
5 Comments
 
LVL 11

Accepted Solution

by:
Tasmant earned 84 total points
ID: 34889309
You can review the security event logs of your DCs.
By default the audit is activated for all successfull logons on domain controllers.
If you want to monitor failure, you need to modify the default domain controller policy.
0
 
LVL 10

Assisted Solution

by:abbright
abbright earned 83 total points
ID: 34889341
If you go to the event-viewer, security you see all security-related events the server logged. If you filter for "Event source: Security", "Category: Logon/Logoff" and Event ID: 528 or 540 you should see all logons. Logontype 10 are remote interactive logons. More details can be found here: http://www.windowsecurity.com/articles/Logon-Types.html
0
 
LVL 4

Assisted Solution

by:MarcusMartin
MarcusMartin earned 83 total points
ID: 34889371
Have a look in your event logs under Security

You will have to check each Domain Controller though as I'm guessing you wont know which DC the user logged on to. Security Logging i think is on by default if its not then your out of luck. But see below for the best practice guide. Hope this helps

http://technet.microsoft.com/en-us/library/cc778162(WS.10).aspx
0
 

Author Comment

by:BHForum
ID: 34890412
Got it guys. Looks like the events were configured to NOT log any login/logoff activity. I will be pouring over these settings today.

Thanks,
0
 

Author Closing Comment

by:BHForum
ID: 34890421
I was wondering why I didn't see them there.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question