Solved

Domain logins

Posted on 2012-03-19
8
311 Views
Last Modified: 2012-03-20
By default on 2003 domain cotnrollers - do they maintain any "Login" "logout" type records for all users? I.e. user X logged into the domain on dd/mm/yyyy at hh:mm:ss, and logged out on dd/mm/yyyy at hh:mm:ss?

If so how long does this data go back for?

Likewise on their local PC (windows XP) would their be any such logs there, and any rough estimate how long it would go back for?

Aside from domain controllers/PC anywhere else where this information may be logged in a typical network?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 3

Author Comment

by:pma111
ID: 37736862
Does the local security audit events only log a "Local login"? I.e. if your logging in the domain does that count as a local login?
0
 
LVL 5

Accepted Solution

by:
2Cs earned 250 total points
ID: 37736933
I don't believe you can try log off's, but you can with log on's. They will appear in the security log in event viewer on your domain controllers, but you would need to configure in group policy:

- Computer Configuration => Policies => Windows Settings => Security Settings => Local Policies => Audit Policy
0
 
LVL 15

Assisted Solution

by:jerseysam
jerseysam earned 250 total points
ID: 37736946
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 3

Author Comment

by:pma111
ID: 37736950
So if user Y from PC X logged into domain W, domain W's local security log may have this information. Any idea if it the log entry shows what PC they logged into the domain from?
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 37736965
I think it will only show you the DOMAIN\USER log on in respect to those logs.

It will use Active Directory to track these actions.

There will probably be some 3rd Party Software out there to monitor PC's i am sure.
0
 
LVL 5

Expert Comment

by:2Cs
ID: 37736979
They will show as either successful logons or failures depending on the result. It will also depend how your logs are setup in size to how far you can go back.
0
 
LVL 3

Author Comment

by:pma111
ID: 37737063
Do the security events on the client (ie XP) relate to domain logins also? I.e. will they correlate?
0
 
LVL 5

Expert Comment

by:2Cs
ID: 37737105
They should do, but it also contains on the local client any logon/log offs of network resources at machine level.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question