Window Server 2008 - Audit logs

pstre
pstre used Ask the Experts™
on
I need to track when users are logging in to Windows Server 2008.  What is the process to do this?  We use Active Directory.. Thank you!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Jeff PerryWindows Administrator

Commented:
This information should be enabled by default under :

Start>All Programs>Administrative Tools>Event Viewer

Or eventvwr.msc in the run box

Windows Logs> Security

Several different messages are usually logged for each logon event so keep that in mind if you are looking for specific users ect...
Top Expert 2014
Commented:
You can use Computer Management to track all connections to shared resources on a Windows Server 2008 R2 system. Whenever a user or computer connects to a shared resource, Windows Server 2008 R2 lists a connection in the Sessions node.

To view connections to shared resources, type net session at a command prompt or follow these steps:
1. In Computer Management, connect to the computer on which you created the shared resource.
2. In the console tree, expand System Tools, expand Shared Folders, and then select Sessions. You can now view connections to shares for users and computers.

The columns for the Sessions node provide the following important information about user and computer connections:

    User The names of users or computers connected to shared resources. Computer names are shown with a $ suffix to differentiate them from users.
    Computer The name of the computer being used.
    Type The type of network connection being used.
    # Open Files The number of files the user is actively working with. For more detailed information, access the Open Files node.
    Connected Time The time that has elapsed since the connection was established.
    Idle Time The time that has elapsed since the connection was last used.
    Guest Whether the user is logged on as a guest.
Top Expert 2014

Commented:
Moe Granular example are below , you can create the Group Policy by following below article.

http://blog.windowsnt.lv/2011/11/15/tracking-user-activity-english/
MaheshArchitect
Distinguished Expert 2018

Commented:
In active directory, in default domain controller policy, just enable audit account logon events in audit policy so that any time user logon to domain on any workstation \ server, it will generate logon event on domain controller which tells you that user is logged on to domain resources

Also on OU containing 2008 servers, apply new GPO and in GPO set audit logon events in audit policy for success and failures so that any time any user will logon to 2008 server it will generate events on 2008 server

In case you want to audit active directory you can check below link for more details
http://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx

Mahesh
You might need to go into Local Security Policy in the default GPO to activate that option. Onc3e that is done, go to event viewer, Windows Logs, security and you will see the events of logins & logout.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial