Solved

Window Server 2008 - Audit logs

Posted on 2014-02-26
5
1,188 Views
Last Modified: 2014-03-28
I need to track when users are logging in to Windows Server 2008.  What is the process to do this?  We use Active Directory.. Thank you!
0
Comment
Question by:pstre
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 8

Expert Comment

by:Jeff Perry
ID: 39889897
This information should be enabled by default under :

Start>All Programs>Administrative Tools>Event Viewer

Or eventvwr.msc in the run box

Windows Logs> Security

Several different messages are usually logged for each logon event so keep that in mind if you are looking for specific users ect...
0
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 500 total points
ID: 39889907
You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system. Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node.

To view connections to shared resources, type net session at a command prompt or follow these steps:
1. In Computer Management, connect to the computer on which you created the shared resource.
2. In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and computers.

The columns for the Sessions node provide the following important information about user and computer connections:

    User The names of users or computers connected to shared resources. Computer names are shown with a $ suffix to differentiate them from users.
    Computer The name of the computer being used.
    Type The type of network connection being used.
    # Open Files The number of files the user is actively working with. For more detailed information, access the Open Files node.
    Connected Time The time that has elapsed since the connection was established.
    Idle Time The time that has elapsed since the connection was last used.
    Guest Whether the user is logged on as a guest.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39889912
Moe Granular example are below , you can create the Group Policy by following below article.

http://blog.windowsnt.lv/2011/11/15/tracking-user-activity-english/
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39890231
In active directory, in default domain controller policy, just enable audit account logon events in audit policy so that any time user logon to domain on any workstation \ server, it will generate logon event on domain controller which tells you that user is logged on to domain resources

Also on OU containing 2008 servers, apply new GPO and in GPO set audit logon events in audit policy for success and failures so that any time any user will logon to 2008 server it will generate events on 2008 server

In case you want to audit active directory you can check below link for more details
http://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx

Mahesh
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39890409
You might need to go into Local Security Policy in the default GPO to activate that option. Onc3e that is done, go to event viewer, Windows Logs, security and you will see the events of logins & logout.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question