Solved

Auditing domain users logons to computers

Posted on 2013-02-07
2
500 Views
Last Modified: 2013-02-19
We're trying to track which users in the organization are logging in and out of what computers and when.

So as a simple proof-of-concept, I figured I would try auditing what users are logging into and out of our domain controller (so it basically it should be just me).

I've poked around in the audit policy configuration section of the group policies on the server, and I can see that by default, servers should be auditing account logons.

If I go into event viewer and look at the "Security" section of Event Viewer I can indeed see the audit events - 227,000 of them since last week!!

There's all sorts of events in here and I can't make heads or tails of any of it. Clearly it's auditing a lot more than just users logging int othe server, it's auditing every authentication ever made.

.... are there any tools that can help make this easier to decipher or generate reports based on this information?
0
Comment
Question by:Frosty555
2 Comments
 
LVL 17

Expert Comment

by:Tony Massa
ID: 38866469
http://social.technet.microsoft.com/Forums/en-US/ITCG/thread/40abcffd-9148-4f0d-8b21-d7f6bcc1d15e/

Here's a thread of someone attempting this same thing.  Some good ideas there.
0
 
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 500 total points
ID: 38866907
You may also use Manage engine ADAudit Plus its trial version last for 30 days you will also get many addititional features apart from user audit

https://www.manageengine.com/products/active-directory-audit/user-logon-audit-reports.html
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
An article on effective troubleshooting
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question