• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 316
  • Last Modified:

Active Directory: Monitoring Local and Remote Logins

Hello Experts!

    What would be the best way to monitor local and remote log-ins with the same account?  For example, lets say that I wanted to see if someone was logging in normally with their network account but also logging in remotely (via VPN) with their account as well.  Sharing their credentials in other words.    

      e.g.  I log into my account with my network credentials, then call John Doe and and share my log in credentials with him.  He then logs in via the VPN with my credentials.  Is there a way to track that or a script of some sort that could help keep tabs on this behavior?
2 Solutions
Hi Itsm,
You can download AD auditor tool from this MS-networking utility link(http://technet.microsoft.com/en-us/sysinternals/bb795532.aspx) to monitor local and remote log-ins in active directory.
Additionally, you can have also explore this link(http://www.activedirectoryaudit.com/) which seems fit in your required AD environment.

You can achieve this through reviewing Security Events

Tracking User Logon Activity Using Logon Events

PFA - Quick Reference Charts of Events.

Hope that helps :)
itsmevicAuthor Commented:
Fantastic input, thank you both!

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now