Which user logged on at particular time?

Posted on 2014-01-29
Medium Priority
Last Modified: 2014-02-03
Is there a way to find out which user logged on at a particular time, like (Jan 28, 2.10am)?
If yes, is there a way to find out which application that user accessed on the server?

Expert Comment

ID: 39817325
The Windows Security Log (run eventvwr) on the server or on the AD DC will list when users logged in.
That depends on the application and if it isn't provided by the application you can set an Audit on the executable or on the folder "hosting" the executable.

Author Comment

by:Vijaya Reddy Pinnapa Reddy
ID: 39817329
Yes, the Security log; there is an event ID, i.e. 4624. It contains:
New Logon:
      Security ID:            domain\xxx$
      Account Name:            xxx$
      Account Domain:            domain
      Logon ID:            0x3xxxxx
      Logon GUID:            {d6b890ca-2b2b-afb0-e306-bbe9b5699fe3}

Expert Comment

ID: 39817344
Fine. Set the Audit on the executable and make some tests and you'll see entries in the Security Log as well.

Expert Comment

ID: 39817375
By default the level of logging does not tell you much so you may have to increase that in the GPO for that server.

Unfortunately, you will not get the answer I think you are seeking (I know because I have been there), but you will be able to provide an approximate answer to the powers that be.

Expert Comment

ID: 39820160
You can enable auditing at the domain level by using Group Policy to check user activity in a particular time period:
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy

Create a logon script on the required domain/OU/user account with the following content:
echo %date%,%time%,%computername%,%username%,%sessionname%,%logonserver% >> \\SERVER\SHARENAME$\LOGON.LOG

Create a logoff script on the required domain/OU/user account with the following content:
echo %date%,%time%,%computername%,%username%,%sessionname%,%logonserver% >> \\SERVER\SHARENAME$\LOGOFF.LOG
You can get more help at: http://support.microsoft.com/kb/556015
Also, you can check this automated option for the same: http://www.windowseventlogmonitor.com/

Accepted Solution

Vijaya Reddy Pinnapa Reddy earned 0 total points
ID: 39820294
As I said, I already enabled it. I checked by looking at event 4624.

Thanks for your support

Author Closing Comment

by:Vijaya Reddy Pinnapa Reddy
ID: 39829106
As I said, I already enabled it. I checked by looking at event 4624.

Thanks for your support
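
The Security-log lookup discussed in this thread, as an added example that is not part of any poster's reply: it lists event 4624 (successful logon) entries in a window around the time in question. The target date, the five-minute window and the output column names are constructed for illustration; run it elevated on the server or DC whose Security log you want to read.

```powershell
# Added example: who logged on around a given time, from Security event 4624.
# $target and $window are constructed sample values; adjust to the time being investigated.
$target = [datetime]'2014-01-28 02:10'
$window = New-TimeSpan -Minutes 5

$filter = @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = $target - $window
    EndTime   = $target + $window
}

# Labels for the logon types most often seen in 4624
$logonTypes = @{
    2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'
    7 = 'Unlock'; 10 = 'RemoteInteractive'; 11 = 'CachedInteractive'
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Read fields by name from the event XML rather than by property position
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Skip machine accounts (names ending in $), like the xxx$ entry quoted in the thread
    if ($data['TargetUserName'] -like '*$') { return }

    $type = [int]$data['LogonType']
    [pscustomobject]@{
        Time      = $_.TimeCreated
        User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType = if ($logonTypes.ContainsKey($type)) { $logonTypes[$type] } else { $type }
        LogonId   = $data['TargetLogonId']
        SourceIp  = $data['IpAddress']
        Process   = $data['ProcessName']
    }
} | Sort-Object Time | Format-Table -AutoSize
```

The LogonId column is the value to carry forward: once auditing is set on an executable or folder as suggested above, the resulting object-access events record the same Logon ID, which ties the file access back to this logon session.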
