Solved

AD logs and PC/IP info

Posted on 2014-12-22
2
82 Views
Last Modified: 2015-01-06
I am trying to determine times a user logged into the domain and from what PC. I guess logs on the domain controller may list successful logon/logoff times, but would they only include the domain username, or would they also include any clues on the PC used to login to the domain? I don't currently have any access to a DC to see what information the logs include?
0
Comment
Question by:pma111
2 Comments
 
LVL 3

Author Comment

by:pma111
ID: 40514443
Anyone?
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40514500
With windows 2008 account logon events are categorized as 4624, 4634 and 4647 and 4768

4624 does tell you about workstation logon details, but do not tell you user details
4634 does tell you about workstation logoff details only
4647 are logoff events
4768 are Kerberos events for users

None of the above events gives you idea about logged on user account on domain

In reality when you enable audit account logon events on default domain controller policy, it should log both user and computer activity related to logon in single event

Hence you can try below
In Default domain controller policy enable "Audit account logon events for success and failure and in advanced audit policy settings in same GPO enable credential validation for success, It might give you both user and computer logon details on domain controller
I have not tested credential validation, however you can test that
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Losing network connectivity 8 73
Change AD password via MS Access DB 2 17
Linksys 4 port wireless router 62 43
SYSVOL not replicating 10 48
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Synchronize a new Active Directory domain with an existing Office 365 tenant
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now