Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 505
  • Last Modified:

Auditing domain users logons to computers

We're trying to track which users in the organization are logging in and out of what computers and when.

So as a simple proof-of-concept, I figured I would try auditing what users are logging into and out of our domain controller (so it basically it should be just me).

I've poked around in the audit policy configuration section of the group policies on the server, and I can see that by default, servers should be auditing account logons.

If I go into event viewer and look at the "Security" section of Event Viewer I can indeed see the audit events - 227,000 of them since last week!!

There's all sorts of events in here and I can't make heads or tails of any of it. Clearly it's auditing a lot more than just users logging int othe server, it's auditing every authentication ever made.

.... are there any tools that can help make this easier to decipher or generate reports based on this information?
0
Frosty555
Asked:
Frosty555
1 Solution
 
Tony MassaCommented:
http://social.technet.microsoft.com/Forums/en-US/ITCG/thread/40abcffd-9148-4f0d-8b21-d7f6bcc1d15e/

Here's a thread of someone attempting this same thing.  Some good ideas there.
0
 
Sarang TinguriaSr EngineerCommented:
You may also use Manage engine ADAudit Plus its trial version last for 30 days you will also get many addititional features apart from user audit

https://www.manageengine.com/products/active-directory-audit/user-logon-audit-reports.html
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now