Solved

Logon history - Is there a way to see who logged in to a Win2003 network over the weekend?

Posted on 2011-02-14
5
277 Views
Last Modified: 2012-05-11
I have been asked to find out who has logged into the network over the weekend. Is there a way to do this? Would some specific type of logging have to be enabled to do so? I am setting up a login script to create logs for all network logins, but this won't help for the past weekend.

Thanks.
0
Comment
Question by:BHForum
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 11

Accepted Solution

by:
Tasmant earned 84 total points
ID: 34889309
You can review the security event logs of your DCs.
By default the audit is activated for all successfull logons on domain controllers.
If you want to monitor failure, you need to modify the default domain controller policy.
0
 
LVL 10

Assisted Solution

by:abbright
abbright earned 83 total points
ID: 34889341
If you go to the event-viewer, security you see all security-related events the server logged. If you filter for "Event source: Security", "Category: Logon/Logoff" and Event ID: 528 or 540 you should see all logons. Logontype 10 are remote interactive logons. More details can be found here: http://www.windowsecurity.com/articles/Logon-Types.html
0
 
LVL 4

Assisted Solution

by:MarcusMartin
MarcusMartin earned 83 total points
ID: 34889371
Have a look in your event logs under Security

You will have to check each Domain Controller though as I'm guessing you wont know which DC the user logged on to. Security Logging i think is on by default if its not then your out of luck. But see below for the best practice guide. Hope this helps

http://technet.microsoft.com/en-us/library/cc778162(WS.10).aspx
0
 

Author Comment

by:BHForum
ID: 34890412
Got it guys. Looks like the events were configured to NOT log any login/logoff activity. I will be pouring over these settings today.

Thanks,
0
 

Author Closing Comment

by:BHForum
ID: 34890421
I was wondering why I didn't see them there.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question