Improve company productivity with a Business Account.Sign Up

x
?
Solved

Logon history - Is there a way to see who logged in to a Win2003 network over the weekend?

Posted on 2011-02-14
5
Medium Priority
?
282 Views
Last Modified: 2012-05-11
I have been asked to find out who has logged into the network over the weekend. Is there a way to do this? Would some specific type of logging have to be enabled to do so? I am setting up a login script to create logs for all network logins, but this won't help for the past weekend.

Thanks.
0
Comment
Question by:BHForum
5 Comments
 
LVL 11

Accepted Solution

by:
Tasmant earned 336 total points
ID: 34889309
You can review the security event logs of your DCs.
By default the audit is activated for all successfull logons on domain controllers.
If you want to monitor failure, you need to modify the default domain controller policy.
0
 
LVL 10

Assisted Solution

by:abbright
abbright earned 332 total points
ID: 34889341
If you go to the event-viewer, security you see all security-related events the server logged. If you filter for "Event source: Security", "Category: Logon/Logoff" and Event ID: 528 or 540 you should see all logons. Logontype 10 are remote interactive logons. More details can be found here: http://www.windowsecurity.com/articles/Logon-Types.html
0
 
LVL 4

Assisted Solution

by:MarcusMartin
MarcusMartin earned 332 total points
ID: 34889371
Have a look in your event logs under Security

You will have to check each Domain Controller though as I'm guessing you wont know which DC the user logged on to. Security Logging i think is on by default if its not then your out of luck. But see below for the best practice guide. Hope this helps

http://technet.microsoft.com/en-us/library/cc778162(WS.10).aspx
0
 

Author Comment

by:BHForum
ID: 34890412
Got it guys. Looks like the events were configured to NOT log any login/logoff activity. I will be pouring over these settings today.

Thanks,
0
 

Author Closing Comment

by:BHForum
ID: 34890421
I was wondering why I didn't see them there.
0

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The onset of year 2018 has been a usual business for IT teams still struggling to find their way out in terms of strengthening their cloud security.
It has been a full year since one of the worst ransomware attacks we have seen, the Wannacry attack last year. The attacks have changed.  The way we are addressing them has also changed, but maybe not enough.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

605 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question