User access Logging
Hello All,
I'm trying to see if it's possible to see how many times a user has logged into a terminal server (specific dates, times, etc.)
Is this something that is possible?
I'm trying to see if it's possible to see how many times a user has logged into a terminal server (specific dates, times, etc.)
Is this something that is possible?
Neil Russell
Easiest way is with your login script. Just have it output to a text log file somewhere with the computername, user name, date, time, LOGON or LOGOFF
ASKER
Not positive exactly how one would do that, could you elaborate a little bit more?
Also, if this option had not been in place, is there another way to find this information out? We've had a bit of a security issue and need to try to determine when a user has been logging into a particular sever.
Also, if this option had not been in place, is there another way to find this information out? We've had a bit of a security issue and need to try to determine when a user has been logging into a particular sever.
you can check in the event log for the user login and logoff.
Event IDs 528 and 540 signify a successful logon, event ID 538 a logoff
Event IDs 528 and 540 signify a successful logon, event ID 538 a logoff
In event Viewer check the security logs...
http://technet.microsoft.com/en-us/library/Bb742435.lgeven03_big(l=en-us).gif
http://technet.microsoft.com/en-us/library/Bb742435.lgeven03_big(l=en-us).gif
.gif){kind=link}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It looks like the required auditing policies were not in place. The security log only shows a handful of entries, none of which are related to logons/offs.