Solved

Auditing domain users logons to computers

Posted on 2013-02-07
2
497 Views
Last Modified: 2013-02-19
We're trying to track which users in the organization are logging in and out of what computers and when.

So as a simple proof-of-concept, I figured I would try auditing what users are logging into and out of our domain controller (so it basically it should be just me).

I've poked around in the audit policy configuration section of the group policies on the server, and I can see that by default, servers should be auditing account logons.

If I go into event viewer and look at the "Security" section of Event Viewer I can indeed see the audit events - 227,000 of them since last week!!

There's all sorts of events in here and I can't make heads or tails of any of it. Clearly it's auditing a lot more than just users logging int othe server, it's auditing every authentication ever made.

.... are there any tools that can help make this easier to decipher or generate reports based on this information?
0
Comment
Question by:Frosty555
2 Comments
 
LVL 17

Expert Comment

by:Tony Massa
ID: 38866469
http://social.technet.microsoft.com/Forums/en-US/ITCG/thread/40abcffd-9148-4f0d-8b21-d7f6bcc1d15e/

Here's a thread of someone attempting this same thing.  Some good ideas there.
0
 
LVL 18

Accepted Solution

by:
sarang_tinguria earned 500 total points
ID: 38866907
You may also use Manage engine ADAudit Plus its trial version last for 30 days you will also get many addititional features apart from user audit

https://www.manageengine.com/products/active-directory-audit/user-logon-audit-reports.html
0

Featured Post

Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

Join & Write a Comment

Suggested Solutions

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now