Solved

Window Server 2008 - Audit logs

Posted on 2014-02-26
5
1,157 Views
Last Modified: 2014-03-28
I need to track when users are logging in to Windows Server 2008.  What is the process to do this?  We use Active Directory.. Thank you!
0
Comment
Question by:pstre
5 Comments
 
LVL 8

Expert Comment

by:Jeff Perry
ID: 39889897
This information should be enabled by default under :

Start>All Programs>Administrative Tools>Event Viewer

Or eventvwr.msc in the run box

Windows Logs> Security

Several different messages are usually logged for each logon event so keep that in mind if you are looking for specific users ect...
0
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 500 total points
ID: 39889907
You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system. Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node.

To view connections to shared resources, type net session at a command prompt or follow these steps:
1. In Computer Management, connect to the computer on which you created the shared resource.
2. In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and computers.

The columns for the Sessions node provide the following important information about user and computer connections:

    User The names of users or computers connected to shared resources. Computer names are shown with a $ suffix to differentiate them from users.
    Computer The name of the computer being used.
    Type The type of network connection being used.
    # Open Files The number of files the user is actively working with. For more detailed information, access the Open Files node.
    Connected Time The time that has elapsed since the connection was established.
    Idle Time The time that has elapsed since the connection was last used.
    Guest Whether the user is logged on as a guest.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39889912
Moe Granular example are below , you can create the Group Policy by following below article.

http://blog.windowsnt.lv/2011/11/15/tracking-user-activity-english/
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39890231
In active directory, in default domain controller policy, just enable audit account logon events in audit policy so that any time user logon to domain on any workstation \ server, it will generate logon event on domain controller which tells you that user is logged on to domain resources

Also on OU containing 2008 servers, apply new GPO and in GPO set audit logon events in audit policy for success and failures so that any time any user will logon to 2008 server it will generate events on 2008 server

In case you want to audit active directory you can check below link for more details
http://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx

Mahesh
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39890409
You might need to go into Local Security Policy in the default GPO to activate that option. Onc3e that is done, go to event viewer, Windows Logs, security and you will see the events of logins & logout.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now