Solved

Which user logged on at particular time?

Posted on 2014-01-29
7
334 Views
Last Modified: 2014-02-03
Is there a way to findout which user logged on at particular time like (jan28 2.10am).?
If yes, is there a way to findout which application that user accessed on the server?
0
Comment
7 Comments
 
LVL 19

Expert Comment

by:strivoli
Comment Utility
The Windows Security Log (run eventvwr) on the server or on the AD DC will list when users logged in.
That depends on the application and if it isn't provided by the application you can set an Audit on the executable or on the folder "hosting" the executable.
0
 
LVL 9

Author Comment

by:Vijaya Reddy Pinnapa Reddy
Comment Utility
Yes, security log, there is an event id i.e 4624. It contains
New Logon:
      Security ID:            domain\xxx$
      Account Name:            xxx$
      Account Domain:            domain
      Logon ID:            0x3xxxxx
      Logon GUID:            {d6b890ca-2b2b-afb0-e306-bbe9b5699fe3}
0
 
LVL 19

Expert Comment

by:strivoli
Comment Utility
Fine. Set the Audit on the executable and make some tests and you'll see entries in the Security Log as well.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Expert Comment

by:cloudvdiexpert1
Comment Utility
By default the level of logging does not tell you much so you may have to increase that in the GPO for that server.

Unfortunately you will not get the answer i think you are seeking as, i know because i have been there, but you will be able to provide an approximate answer to the powers that be.
0
 
LVL 4

Expert Comment

by:michaelalphi
Comment Utility
You can enable auditing on the domain level by using Group Policy to check user activity in particular time period :
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy

Create a logon script on the required domain/OU/user account with the following content :
 
echo %date%,%time%,%computername%,%username%,%sessionname%,%logonserver% >> \\SERVER\SHARENAME$\LOGON.LOG

Create a logoff script on the required domain/OU/user account with the following content:
 
echo %date%,%time%,%computername%,%username%,%sessionname%,%logonserver% >> \\SERVER\SHARENAME$\LOGOFF.LOG
You can get more help at : http://support.microsoft.com/kb/556015
Also, you can check this automated option for the same : http://www.windowseventlogmonitor.com/
0
 
LVL 9

Accepted Solution

by:
Vijaya Reddy Pinnapa Reddy earned 0 total points
Comment Utility
As i told i already enabled it. I checked by looking at the event 4624.

Thanks for your support
0
 
LVL 9

Author Closing Comment

by:Vijaya Reddy Pinnapa Reddy
Comment Utility
As i told i already enabled it. I checked by looking at the event 4624.

Thanks for your support
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Resolve DNS query failed errors for Exchange
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now