Solved

Windows Server 2008 - Audit logs

Posted on 2014-02-26
Last Modified: 2014-03-28
I need to track when users are logging in to Windows Server 2008. What is the process to do this? We use Active Directory. Thank you!
0
Question by:pstre
5 Comments
 
LVL 8

Expert Comment

by:Jeff Perry
ID: 39889897
This information should be enabled by default under:

Start>All Programs>Administrative Tools>Event Viewer

Or eventvwr.msc in the run box

Windows Logs> Security

Several different messages are usually logged for each logon event, so keep that in mind if you are looking for specific users, etc.
0
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 500 total points
ID: 39889907
You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system. Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node.

To view connections to shared resources, type net session at a command prompt or follow these steps:
1. In Computer Management, connect to the computer on which you created the shared resource.
2. In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and computers.

The columns for the Sessions node provide the following important information about user and computer connections:

    User: The names of users or computers connected to shared resources. Computer names are shown with a $ suffix to differentiate them from users.
    Computer: The name of the computer being used.
    Type: The type of network connection being used.
    # Open Files: The number of files the user is actively working with. For more detailed information, access the Open Files node.
    Connected Time: The time that has elapsed since the connection was established.
    Idle Time: The time that has elapsed since the connection was last used.
    Guest: Whether the user is logged on as a guest.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39889912
More granular examples are below; you can create the Group Policy by following the article below.

http://blog.windowsnt.lv/2011/11/15/tracking-user-activity-english/
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39890231
In Active Directory, in the default domain controller policy, just enable audit account logon events in the audit policy so that any time a user logs on to the domain on any workstation \ server, it will generate a logon event on the domain controller, which tells you that the user is logged on to domain resources.

Also, on the OU containing the 2008 servers, apply a new GPO and in the GPO set audit logon events in the audit policy for success and failures so that any time any user logs on to a 2008 server it will generate events on the 2008 server.

In case you want to audit Active Directory, you can check the link below for more details:
http://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx

Mahesh
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39890409
You might need to go into Local Security Policy in the default GPO to activate that option. Once that is done, go to Event Viewer, Windows Logs, Security and you will see the events of logins & logout.
0
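
As an added example (not part of any answer in this thread), the PowerShell below turns the Security log entries the comments refer to into one readable row per logon, failed logon or logoff. It assumes PowerShell 2.0 or later in an elevated prompt with logon auditing already enabled; the function name `ConvertTo-LogonRecord` and the sample event are constructed for illustration.

```powershell
# Added example. Standard Security event IDs on Windows Server 2008 and later:
#   4624 = successful logon, 4625 = failed logon, 4634 = logoff
# Check that auditing is on first:  auditpol /get /category:"Logon/Logoff"
$LogonTypes = @{ '2'='Interactive'; '3'='Network'; '4'='Batch'; '5'='Service'; '7'='Unlock';
                 '8'='NetworkCleartext'; '9'='NewCredentials'; '10'='RemoteInteractive';
                 '11'='CachedInteractive' }

function ConvertTo-LogonRecord {
    param([Parameter(Mandatory = $true)][string]$EventXml)
    $xml = [xml]$EventXml
    $sys = $xml.Event.System
    # Read EventData by field name: field positions differ between 4624, 4625 and 4634.
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.GetAttribute('Name')] = $d.InnerText }
    # Translate the numeric logon type; fall back to the raw value if unknown.
    $type = $data['LogonType']
    if ($type -and $LogonTypes.ContainsKey($type)) { $type = $LogonTypes[$type] }
    New-Object PSObject -Property @{
        TimeUtc   = $sys['TimeCreated'].GetAttribute('SystemTime')
        EventId   = [int]$sys['EventID'].InnerText
        User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType = $type
        SourceIp  = $data['IpAddress']   # empty for 4634 (logoff)
    }
}

# Constructed sample event, trimmed to the fields used, to try the parser offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><TimeCreated SystemTime="2014-02-26T14:03:11.000Z"/></System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
  </EventData>
</Event>
'@
ConvertTo-LogonRecord $sample | Select-Object TimeUtc, EventId, User, LogonType, SourceIp

# Live query: last 24 hours, skipping computer accounts (names ending in $).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625, 4634
                                 StartTime = (Get-Date).AddDays(-1) } -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertTo-LogonRecord $_.ToXml() } |
    Where-Object { $_.User -notlike '*$' } |
    Select-Object TimeUtc, EventId, User, LogonType, SourceIp
```

Filtering on `LogonType` (for example `Interactive` and `RemoteInteractive`) cuts down the several entries that a single user logon produces.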
