• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1270
  • Last Modified:

Window Server 2008 - Audit logs

I need to track when users are logging in to Windows Server 2008.  What is the process to do this?  We use Active Directory.. Thank you!
0
pstre
Asked:
pstre
1 Solution
 
Jeff PerryWindows AdministratorCommented:
This information should be enabled by default under :

Start>All Programs>Administrative Tools>Event Viewer

Or eventvwr.msc in the run box

Windows Logs> Security

Several different messages are usually logged for each logon event so keep that in mind if you are looking for specific users ect...
0
 
Santosh GuptaCommented:
You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system. Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node.

To view connections to shared resources, type net session at a command prompt or follow these steps:
1. In Computer Management, connect to the computer on which you created the shared resource.
2. In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and computers.

The columns for the Sessions node provide the following important information about user and computer connections:

    User The names of users or computers connected to shared resources. Computer names are shown with a $ suffix to differentiate them from users.
    Computer The name of the computer being used.
    Type The type of network connection being used.
    # Open Files The number of files the user is actively working with. For more detailed information, access the Open Files node.
    Connected Time The time that has elapsed since the connection was established.
    Idle Time The time that has elapsed since the connection was last used.
    Guest Whether the user is logged on as a guest.
0
 
Santosh GuptaCommented:
Moe Granular example are below , you can create the Group Policy by following below article.

http://blog.windowsnt.lv/2011/11/15/tracking-user-activity-english/
0
 
MaheshArchitectCommented:
In active directory, in default domain controller policy, just enable audit account logon events in audit policy so that any time user logon to domain on any workstation \ server, it will generate logon event on domain controller which tells you that user is logged on to domain resources

Also on OU containing 2008 servers, apply new GPO and in GPO set audit logon events in audit policy for success and failures so that any time any user will logon to 2008 server it will generate events on 2008 server

In case you want to audit active directory you can check below link for more details
http://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx

Mahesh
0
 
Tony GiangrecoCommented:
You might need to go into Local Security Policy in the default GPO to activate that option. Onc3e that is done, go to event viewer, Windows Logs, security and you will see the events of logins & logout.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now