Which user logged on at a particular time?

Is there a way to find out which user logged on at a particular time (e.g. Jan 28, 2:10 am)?
If yes, is there a way to find out which application that user accessed on the server?
Vijaya Reddy Pinnapa Reddy Asked:
 
strivoli Commented:
The Windows Security Log (run eventvwr) on the server or on the AD DC will list when users logged in.
That depends on the application; if it isn't provided by the application, you can set an Audit on the executable or on the folder "hosting" the executable.
 
Vijaya Reddy Pinnapa Reddy Author Commented:
Yes, in the Security log there is an event ID, i.e. 4624. It contains:
New Logon:
      Security ID:            domain\xxx$
      Account Name:            xxx$
      Account Domain:            domain
      Logon ID:            0x3xxxxx
      Logon GUID:            {d6b890ca-2b2b-afb0-e306-bbe9b5699fe3}
 
strivoli Commented:
Fine. Set the Audit on the executable and make some tests and you'll see entries in the Security Log as well.
 
cloudvdiexpert1 Commented:
By default the level of logging does not tell you much, so you may have to increase that in the GPO for that server.

Unfortunately you will not get the answer I think you are seeking, as I know because I have been there, but you will be able to provide an approximate answer to the powers that be.
 
michaelalphi Commented:
You can enable auditing at the domain level by using Group Policy to check user activity in a particular time period:
Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy

Create a logon script on the required domain/OU/user account with the following content:
 
echo %date%,%time%,%computername%,%username%,%sessionname%,%logonserver% >> \\SERVER\SHARENAME$\LOGON.LOG

Create a logoff script on the required domain/OU/user account with the following content:
 
echo %date%,%time%,%computername%,%username%,%sessionname%,%logonserver% >> \\SERVER\SHARENAME$\LOGOFF.LOG

You can get more help at: http://support.microsoft.com/kb/556015
Also, you can check this automated option for the same: http://www.windowseventlogmonitor.com/
 
Vijaya Reddy Pinnapa Reddy Author Commented:
As I told, I already enabled it. I checked by looking at the event 4624.

Thanks for your support
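
Added example (not part of the original thread, and not any poster's code): the two questions in this thread expressed as PowerShell run from an elevated prompt. It lists event 4624 logons around a given time, then uses each Logon ID to find event 4663 object-access records, which are the entries an Audit on the executable or its folder produces. The function names, the 5-minute window, the 8-hour lookahead and the year in the usage lines are assumptions.

```powershell
# Added example. Assumes logon auditing is enabled and, for Get-AuditedAccess,
# that a file-system audit entry is set on the application's executable or folder.
function Get-EventFields($Record) {
    # Map the event's named <Data> elements to a hashtable
    $fields = @{}
    foreach ($node in ([xml]$Record.ToXml()).Event.EventData.Data) { $fields[$node.Name] = $node.'#text' }
    $fields
}

function Get-LogonsAround {
    param([Parameter(Mandatory)][datetime]$At, [int]$WindowMinutes = 5,
          [string]$ComputerName = $env:COMPUTERNAME)
    $filter = @{ LogName = 'Security'; Id = 4624
                 StartTime = $At.AddMinutes(-$WindowMinutes); EndTime = $At.AddMinutes($WindowMinutes) }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $f = Get-EventFields $_
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Account   = '{0}\{1}' -f $f.TargetDomainName, $f.TargetUserName
                LogonType = [int]$f.LogonType   # 2 interactive, 3 network, 10 remote desktop
                LogonId   = $f.TargetLogonId    # ties later events to this session
                Source    = $f.IpAddress
            }
        } | Where-Object { $_.Account -notlike '*$' }   # drop computer accounts such as xxx$
}

function Get-AuditedAccess {
    param([Parameter(Mandatory)]$Logon, [int]$Hours = 8,
          [string]$ComputerName = $env:COMPUTERNAME)
    $filter = @{ LogName = 'Security'; Id = 4663
                 StartTime = $Logon.Time; EndTime = $Logon.Time.AddHours($Hours) }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $f = Get-EventFields $_
            if ($f.SubjectLogonId -eq $Logon.LogonId) {   # same session as the 4624 logon
                [pscustomobject]@{ Time = $_.TimeCreated; Account = $Logon.Account
                                   Object = $f.ObjectName; Process = $f.ProcessName }
            }
        }
}

# Constructed usage: the thread gives only "jan28 2.10am", so the year is a placeholder
$logons = Get-LogonsAround -At ([datetime]'2019-01-28 02:10')
$logons | Format-Table
$logons | ForEach-Object { Get-AuditedAccess -Logon $_ } | Format-Table
```

An account name ending in `$`, like the `xxx$` in the event quoted earlier in the thread, is a computer account, which is why the first function filters those out.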