Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 101
  • Last Modified:

AD logs and PC/IP info

I am trying to determine times a user logged into the domain and from what PC. I guess logs on the domain controller may list successful logon/logoff times, but would they only include the domain username, or would they also include any clues on the PC used to login to the domain? I don't currently have any access to a DC to see what information the logs include?
0
pma111
Asked:
pma111
1 Solution
 
pma111Author Commented:
Anyone?
0
 
MaheshArchitectCommented:
With windows 2008 account logon events are categorized as 4624, 4634 and 4647 and 4768

4624 does tell you about workstation logon details, but do not tell you user details
4634 does tell you about workstation logoff details only
4647 are logoff events
4768 are Kerberos events for users

None of the above events gives you idea about logged on user account on domain

In reality when you enable audit account logon events on default domain controller policy, it should log both user and computer activity related to logon in single event

Hence you can try below
In Default domain controller policy enable "Audit account logon events for success and failure and in advanced audit policy settings in same GPO enable credential validation for success, It might give you both user and computer logon details on domain controller
I have not tested credential validation, however you can test that
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now