Solved

Auditing domain users logons to computers

Posted on 2013-02-07
2
498 Views
Last Modified: 2013-02-19
We're trying to track which users in the organization are logging in and out of what computers and when.

So as a simple proof-of-concept, I figured I would try auditing what users are logging into and out of our domain controller (so it basically it should be just me).

I've poked around in the audit policy configuration section of the group policies on the server, and I can see that by default, servers should be auditing account logons.

If I go into event viewer and look at the "Security" section of Event Viewer I can indeed see the audit events - 227,000 of them since last week!!

There's all sorts of events in here and I can't make heads or tails of any of it. Clearly it's auditing a lot more than just users logging int othe server, it's auditing every authentication ever made.

.... are there any tools that can help make this easier to decipher or generate reports based on this information?
0
Comment
Question by:Frosty555
2 Comments
 
LVL 17

Expert Comment

by:Tony Massa
ID: 38866469
http://social.technet.microsoft.com/Forums/en-US/ITCG/thread/40abcffd-9148-4f0d-8b21-d7f6bcc1d15e/

Here's a thread of someone attempting this same thing.  Some good ideas there.
0
 
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 500 total points
ID: 38866907
You may also use Manage engine ADAudit Plus its trial version last for 30 days you will also get many addititional features apart from user audit

https://www.manageengine.com/products/active-directory-audit/user-logon-audit-reports.html
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now