Re: Need logon and Logoff data for 30 days

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 09/15/05


Date: Wed, 14 Sep 2005 17:47:06 -0500

Auditing of account logon events alone will not show when a user logs off.
You would need to enable auditing of logon events [or just use logon events
on those servers] on your domain Citrix servers that the users are logging
onto to see logoffs also. Anyhow on your domain controllers and domain
servers where you want to track user activity you will need to substantially
increase the size of the security logs starting with maybe 50MB and disable
any auditing that you do not currently use that may be enabled such as
object access [used for folder auditing], process tracking, and privilege
use. You can also use the free MS tool Event Comb to make it easier to find
specific events in security logs on multiple computers which can include
text strings for user name, etc. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308471 --- info on
Event Comb.

"Shay" <Shay@discussions.microsoft.com> wrote in message
news:9169BB3A-6A8F-43AF-A92F-28ECB7C7644B@microsoft.com...
> Hi, I have about 600 remote users that logon through 10 Citrix servers.
> Upon
> request, I need to be able to provide when a perticular user logged on and
> off for the last 30 days. I curently have set our default domain policy to
> "audit account logon events" but it is logging a ton of stuff and
> constantly
> fills our security log before 30 days is up. Anyway, any suggestions would
> be
> greatly appreciated.
>
> 2003 AD
>
> TIA,
> Shay