Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Log User Logons with 2008R2

Posted on 2011-09-29
4
Medium Priority
?
328 Views
Last Modified: 2012-12-17
I have enabled Security Logging in the Default GPO.. Both Logon Events and Account Logon events and my security log is populated with 1000s of events. What I need is simply Events that show the Username, the time, and the machine. Some 4624 events have this, some list the machine, others list a server  account. How do I accomplish this? This is very frustrating. I do not see how I can effectively filter the Events to just display the relevant information. This has to be a common question as this is the most basic logging request.  I don't see any 540 events. I think that may have had the correct information in server 2003
0
Comment
Question by:probetech
3 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 36815557
You are going to get a ton of noise by full logging like that.  Another method is to use a simple login script

http://msmvps.com/blogs/kwsupport/archive/2005/02/24/36942.aspx

http://support.microsoft.com/default.aspx/kb/556015?p=1

Thanks

Mike
0
 

Author Comment

by:probetech
ID: 36816506
Can I output the information to a syslog like kiwi instead of a .txt file?
0
 
LVL 26

Expert Comment

by:Pber
ID: 38697467
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question