?
Solved

Auditing domain users logons to computers

Posted on 2013-02-07
2
Medium Priority
?
503 Views
Last Modified: 2013-02-19
We're trying to track which users in the organization are logging in and out of what computers and when.

So as a simple proof-of-concept, I figured I would try auditing what users are logging into and out of our domain controller (so it basically it should be just me).

I've poked around in the audit policy configuration section of the group policies on the server, and I can see that by default, servers should be auditing account logons.

If I go into event viewer and look at the "Security" section of Event Viewer I can indeed see the audit events - 227,000 of them since last week!!

There's all sorts of events in here and I can't make heads or tails of any of it. Clearly it's auditing a lot more than just users logging int othe server, it's auditing every authentication ever made.

.... are there any tools that can help make this easier to decipher or generate reports based on this information?
0
Comment
Question by:Frosty555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 17

Expert Comment

by:Tony Massa
ID: 38866469
http://social.technet.microsoft.com/Forums/en-US/ITCG/thread/40abcffd-9148-4f0d-8b21-d7f6bcc1d15e/

Here's a thread of someone attempting this same thing.  Some good ideas there.
0
 
LVL 18

Accepted Solution

by:
Sarang Tinguria earned 2000 total points
ID: 38866907
You may also use Manage engine ADAudit Plus its trial version last for 30 days you will also get many addititional features apart from user audit

https://www.manageengine.com/products/active-directory-audit/user-logon-audit-reports.html
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month8 days, 10 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question