Solved

Domain logins

Posted on 2012-03-19
8
312 Views
Last Modified: 2012-03-20
By default on 2003 domain cotnrollers - do they maintain any "Login" "logout" type records for all users? I.e. user X logged into the domain on dd/mm/yyyy at hh:mm:ss, and logged out on dd/mm/yyyy at hh:mm:ss?

If so how long does this data go back for?

Likewise on their local PC (windows XP) would their be any such logs there, and any rough estimate how long it would go back for?

Aside from domain controllers/PC anywhere else where this information may be logged in a typical network?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 3

Author Comment

by:pma111
ID: 37736862
Does the local security audit events only log a "Local login"? I.e. if your logging in the domain does that count as a local login?
0
 
LVL 5

Accepted Solution

by:
2Cs earned 250 total points
ID: 37736933
I don't believe you can try log off's, but you can with log on's. They will appear in the security log in event viewer on your domain controllers, but you would need to configure in group policy:

- Computer Configuration => Policies => Windows Settings => Security Settings => Local Policies => Audit Policy
0
 
LVL 15

Assisted Solution

by:jerseysam
jerseysam earned 250 total points
ID: 37736946
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 3

Author Comment

by:pma111
ID: 37736950
So if user Y from PC X logged into domain W, domain W's local security log may have this information. Any idea if it the log entry shows what PC they logged into the domain from?
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 37736965
I think it will only show you the DOMAIN\USER log on in respect to those logs.

It will use Active Directory to track these actions.

There will probably be some 3rd Party Software out there to monitor PC's i am sure.
0
 
LVL 5

Expert Comment

by:2Cs
ID: 37736979
They will show as either successful logons or failures depending on the result. It will also depend how your logs are setup in size to how far you can go back.
0
 
LVL 3

Author Comment

by:pma111
ID: 37737063
Do the security events on the client (ie XP) relate to domain logins also? I.e. will they correlate?
0
 
LVL 5

Expert Comment

by:2Cs
ID: 37737105
They should do, but it also contains on the local client any logon/log offs of network resources at machine level.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question