Domain logins

By default on 2003 domain cotnrollers - do they maintain any "Login" "logout" type records for all users? I.e. user X logged into the domain on dd/mm/yyyy at hh:mm:ss, and logged out on dd/mm/yyyy at hh:mm:ss?

If so how long does this data go back for?

Likewise on their local PC (windows XP) would their be any such logs there, and any rough estimate how long it would go back for?

Aside from domain controllers/PC anywhere else where this information may be logged in a typical network?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pma111Author Commented:
Does the local security audit events only log a "Local login"? I.e. if your logging in the domain does that count as a local login?
I don't believe you can try log off's, but you can with log on's. They will appear in the security log in event viewer on your domain controllers, but you would need to configure in group policy:

- Computer Configuration => Policies => Windows Settings => Security Settings => Local Policies => Audit Policy

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

pma111Author Commented:
So if user Y from PC X logged into domain W, domain W's local security log may have this information. Any idea if it the log entry shows what PC they logged into the domain from?
I think it will only show you the DOMAIN\USER log on in respect to those logs.

It will use Active Directory to track these actions.

There will probably be some 3rd Party Software out there to monitor PC's i am sure.
They will show as either successful logons or failures depending on the result. It will also depend how your logs are setup in size to how far you can go back.
pma111Author Commented:
Do the security events on the client (ie XP) relate to domain logins also? I.e. will they correlate?
They should do, but it also contains on the local client any logon/log offs of network resources at machine level.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.