Solved

AD logs and PC/IP info

Posted on 2014-12-22
2
88 Views
Last Modified: 2015-01-06
I am trying to determine times a user logged into the domain and from what PC. I guess logs on the domain controller may list successful logon/logoff times, but would they only include the domain username, or would they also include any clues on the PC used to login to the domain? I don't currently have any access to a DC to see what information the logs include?
0
Comment
Question by:pma111
2 Comments
 
LVL 3

Author Comment

by:pma111
ID: 40514443
Anyone?
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40514500
With windows 2008 account logon events are categorized as 4624, 4634 and 4647 and 4768

4624 does tell you about workstation logon details, but do not tell you user details
4634 does tell you about workstation logoff details only
4647 are logoff events
4768 are Kerberos events for users

None of the above events gives you idea about logged on user account on domain

In reality when you enable audit account logon events on default domain controller policy, it should log both user and computer activity related to logon in single event

Hence you can try below
In Default domain controller policy enable "Audit account logon events for success and failure and in advanced audit policy settings in same GPO enable credential validation for success, It might give you both user and computer logon details on domain controller
I have not tested credential validation, however you can test that
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question