How to track a user's utilization on my network

Windindi
Hi, I have been dealing with a problem that was not set before but now I need to do it. How can I track what and where a user in my AD has been opening, remote log, and log, and file or any change on the network? Is there a script or a small app that can show me this?
kevinhsieh, Network Engineer

Commented:
Sorry, what do you want to track? File usage, web site activity, network traffic, administrative changes?
Distinguished Expert 2018

Commented:
What logging do you have enabled on the domain controllers?
Top Expert 2016
Commented:
You pretty much have to enable tracking on every user's actions and then filter it by the user. There will be several logs that may exist on different domain controllers. The audit logs will become quite large and will consume a lot of disk I/O resources. You also cannot go back in time but only from the time you started logging onwards.
Distinguished Expert 2018

Commented:
You may also need to put in something like a SIEM or log aggregator to be able to maintain a centralized, reasonable history.

Author

Commented:
So at this point, without having the log enabled, I won't be able to do anything? There are no 3rd party apps that could do that?
Top Expert 2016

Commented:
That's correct, you can't retroactively get data that wasn't generated.
kevinhsieh, Network Engineer

Commented:
Yeah, if this is retrospective analysis you can't study what you didn't collect.

You have not said what type of activity you're looking for.

Author

Commented:
That would be file access, remote access and AD changes.
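
The approach described in the thread (enable auditing, then filter the Security logs of several machines by user), as an added example that is not from any of the posters. It assumes the RSAT ActiveDirectory module, rights to read remote Security logs, and auditing already enabled; `jdoe` and `$ExtraHosts` are placeholders.

```powershell
# Added example. Returns nothing for the period before auditing was enabled.
param(
    [string]$User = 'jdoe',                      # placeholder sAMAccountName
    [datetime]$Since = (Get-Date).AddDays(-1),
    # Assumption: file-access and RDP logon events are written on the machine
    # where they happen, so list file servers / RDP hosts here as well.
    [string[]]$ExtraHosts = @()
)

# Event IDs for the three activity types named in the thread:
#   4624 = logon (LogonType 10 = RDP, 3 = network)
#   4663 = object access attempt (needs a SACL on the audited folders)
#   5136 = directory service object modified (AD change)
$ids = 4624, 4663, 5136

# Every domain controller keeps its own Security log, so query all of them.
$hosts = @((Get-ADDomainController -Filter *).HostName) + $ExtraHosts

$events = foreach ($h in $hosts) {
    Get-WinEvent -ComputerName $h -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = $ids; StartTime = $Since
    } | ForEach-Object {
        # Flatten the EventData name/value pairs into a hashtable.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        # 4624 names the account in TargetUserName; 4663 and 5136 in SubjectUserName.
        $who = if ($_.Id -eq 4624) { $data['TargetUserName'] } else { $data['SubjectUserName'] }
        if ($who -eq $User) {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Host      = $h
                Id        = $_.Id
                LogonType = $data['LogonType']   # only present on 4624
                Source    = $data['IpAddress']   # only present on 4624
                Object    = if ($_.Id -eq 5136) { $data['ObjectDN'] } else { $data['ObjectName'] }
            }
        }
    }
}

# One merged, time-ordered view of the user's activity across all hosts.
$events | Sort-Object Time | Format-Table -AutoSize
```

Filtering happens client-side here, so on busy domain controllers narrow `$Since` or forward the events to a central collector instead.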
