Solved

Domain logins

Posted on 2012-03-19
8
307 Views
Last Modified: 2012-03-20
By default on 2003 domain cotnrollers - do they maintain any "Login" "logout" type records for all users? I.e. user X logged into the domain on dd/mm/yyyy at hh:mm:ss, and logged out on dd/mm/yyyy at hh:mm:ss?

If so how long does this data go back for?

Likewise on their local PC (windows XP) would their be any such logs there, and any rough estimate how long it would go back for?

Aside from domain controllers/PC anywhere else where this information may be logged in a typical network?
0
Comment
Question by:pma111
  • 3
  • 3
  • 2
8 Comments
 
LVL 3

Author Comment

by:pma111
Comment Utility
Does the local security audit events only log a "Local login"? I.e. if your logging in the domain does that count as a local login?
0
 
LVL 5

Accepted Solution

by:
2Cs earned 250 total points
Comment Utility
I don't believe you can try log off's, but you can with log on's. They will appear in the security log in event viewer on your domain controllers, but you would need to configure in group policy:

- Computer Configuration => Policies => Windows Settings => Security Settings => Local Policies => Audit Policy
0
 
LVL 15

Assisted Solution

by:jerseysam
jerseysam earned 250 total points
Comment Utility
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
So if user Y from PC X logged into domain W, domain W's local security log may have this information. Any idea if it the log entry shows what PC they logged into the domain from?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 15

Expert Comment

by:jerseysam
Comment Utility
I think it will only show you the DOMAIN\USER log on in respect to those logs.

It will use Active Directory to track these actions.

There will probably be some 3rd Party Software out there to monitor PC's i am sure.
0
 
LVL 5

Expert Comment

by:2Cs
Comment Utility
They will show as either successful logons or failures depending on the result. It will also depend how your logs are setup in size to how far you can go back.
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
Do the security events on the client (ie XP) relate to domain logins also? I.e. will they correlate?
0
 
LVL 5

Expert Comment

by:2Cs
Comment Utility
They should do, but it also contains on the local client any logon/log offs of network resources at machine level.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now