What would be the best way to monitor local and remote log-ins with the same account? For example, lets say that I wanted to see if someone was logging in normally with their network account but also logging in remotely (via VPN) with their account as well. Sharing their credentials in other words.
e.g. I log into my account with my network credentials, then call John Doe and and share my log in credentials with him. He then logs in via the VPN with my credentials. Is there a way to track that or a script of some sort that could help keep tabs on this behavior?