[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 318
  • Last Modified:

Domain logins

By default on 2003 domain cotnrollers - do they maintain any "Login" "logout" type records for all users? I.e. user X logged into the domain on dd/mm/yyyy at hh:mm:ss, and logged out on dd/mm/yyyy at hh:mm:ss?

If so how long does this data go back for?

Likewise on their local PC (windows XP) would their be any such logs there, and any rough estimate how long it would go back for?

Aside from domain controllers/PC anywhere else where this information may be logged in a typical network?
0
pma111
Asked:
pma111
  • 3
  • 3
  • 2
2 Solutions
 
pma111Author Commented:
Does the local security audit events only log a "Local login"? I.e. if your logging in the domain does that count as a local login?
0
 
2CsCommented:
I don't believe you can try log off's, but you can with log on's. They will appear in the security log in event viewer on your domain controllers, but you would need to configure in group policy:

- Computer Configuration => Policies => Windows Settings => Security Settings => Local Policies => Audit Policy
0
 
jerseysamCommented:
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
pma111Author Commented:
So if user Y from PC X logged into domain W, domain W's local security log may have this information. Any idea if it the log entry shows what PC they logged into the domain from?
0
 
jerseysamCommented:
I think it will only show you the DOMAIN\USER log on in respect to those logs.

It will use Active Directory to track these actions.

There will probably be some 3rd Party Software out there to monitor PC's i am sure.
0
 
2CsCommented:
They will show as either successful logons or failures depending on the result. It will also depend how your logs are setup in size to how far you can go back.
0
 
pma111Author Commented:
Do the security events on the client (ie XP) relate to domain logins also? I.e. will they correlate?
0
 
2CsCommented:
They should do, but it also contains on the local client any logon/log offs of network resources at machine level.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now