Solved

AD logs and PC/IP info

Posted on 2014-12-22
Last Modified: 2015-01-06
I am trying to determine the times a user logged into the domain and from what PC. I guess logs on the domain controller may list successful logon/logoff times, but would they only include the domain username, or would they also include any clues on the PC used to log in to the domain? I don't currently have any access to a DC to see what information the logs include.
Question by:pma111
2 Comments
 
LVL 3

Author Comment

by:pma111
ID: 40514443
Anyone?
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40514500
With Windows 2008, account logon events are categorized as 4624, 4634, 4647 and 4768.

4624 does tell you about workstation logon details, but does not tell you user details
4634 does tell you about workstation logoff details only
4647 are logoff events
4768 are Kerberos events for users

None of the above events gives you an idea about the logged-on user account on the domain.

In reality, when you enable audit account logon events on the default domain controller policy, it should log both user and computer activity related to logon in a single event.

Hence you can try the below.
In the Default domain controller policy, enable "Audit account logon events" for success and failure, and in the advanced audit policy settings in the same GPO enable credential validation for success. It might give you both user and computer logon details on the domain controller.
I have not tested credential validation, however you can test that.
0
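Added example, not part of the original answer or thread: a PowerShell sketch that reads the event IDs named above and prints the account, workstation and source-address fields each record carries, so you can check which events tie a user to a machine. The function name `ConvertTo-LogonRecord` is hypothetical and the sample record is constructed; the `Data` names are the standard EventData field names for these Security events.

```powershell
# Event IDs named in the answer above.
$Ids = 4624, 4634, 4647, 4768

function ConvertTo-LogonRecord {
    # Hypothetical helper: takes one event rendered as XML, returns one flat object.
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        # EventData is a list of <Data Name="...">value</Data>; index it by name.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            TimeUtc     = $evt.System.TimeCreated.SystemTime
            EventId     = [int]$evt.System.EventID
            User        = $data['TargetUserName']
            Domain      = $data['TargetDomainName']
            LogonType   = $data['LogonType']         # 4624/4634 only
            Workstation = $data['WorkstationName']   # 4624 only
            SourceIp    = $data['IpAddress']         # 4624 and 4768
        }
    }
}

# Constructed sample (not real log data), shaped like a 4624 record.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4624</EventID>
    <TimeCreated SystemTime="2014-12-22T09:15:02.000Z" />
  </System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="WorkstationName">WS-EXAMPLE-01</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
  </EventData>
</Event>
'@
$sample | ConvertTo-LogonRecord

# On a domain controller, from an elevated prompt, the same function over live records:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $Ids } -MaxEvents 200 |
#     ForEach-Object { $_.ToXml() } | ConvertTo-LogonRecord | Format-Table -AutoSize
```

Fields that a given event ID does not carry come back empty, which shows directly which of the four events record the workstation name or source address alongside the user.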
