Re: How would you log logins?

From: Eric Fitzgerald [MS] (ericf@online.microsoft.com)
Date: 10/04/02 

From: "Eric Fitzgerald [MS]" <ericf@online.microsoft.com>
Date: Thu, 3 Oct 2002 20:01:53 -0700

1. It can be configured to do so. EventVwr. Right-click log and click
"properties".
2. Logons come in pairs (logon & logoff) and are logged on the machine that
was accessed, typically a member server or workstation. Account logons do
not have "logoff" events, and are logged on the machine that validated the
user's credentials, typically a domain controller in a domain environment,
but can be logged on a member server or workstation if a local account is
used for access.

Eric

"news2.bellatlantic.net" <bosco@aol.com> wrote in message
news:FaHm9.27735$CN2.24253@nwrddc01.gnilink.net...
> Two questions:
>
> 1. Will the log file write over itself when it fills?
>
> 2. What is the difference between Account Logons or Logon events.?
>
> Thanks much!
>
>
> "** EJ **" <ejhonda@iwon.com> wrote in message
> news:242d01c2694a$a1facda0$35ef2ecf@TKMSFTNGXA11...
> > I believe you're looking for the Local Security Policy on
> > Win 2K server. Navigate to Start, Programs,
> > Administrative Tools, Local Security Policy. This brings
> > up a screen (the MMC) w/ a tree of policies listed.
> > Expand Local Policies, and click on Audit Policies. Right
> > click on either 'Audit account logon events' or 'Audit
> > logon events' (or both, if desired) and choose Security.
> > Choose whether you want to monitor successful, failed, or
> > both results.
> >
> > Make sure you make the Security event log big enough to
> > handle your new entries.
> >
> > ** EJ **
> >
> > >-----Original Message-----
> > >In Win NT 4.0, there was a way to logg successful /
> > unsuccessful login
> > >attempts, keeping track of the login name that was used.
> > >
> > >I can't seem to find any info on how to do this with 2000
> > or XP.
> > >
> > >Can anyone point me toward a white paper? What topic
> > would I search for?
> > >
> > >Thanks.
> > >
> > >Chris
> > >
> > >
> > >
> > >.
> > >
>
>

Relevant Pages

  • clear login cache
    ... Ask your Desktop Administrator to boot your windowsxp into Local Machine Administrator logon, ... Double Click on Local Security Policy icon ... Privius logons to cache(In case domain ontroller ...
    (microsoft.public.windows.server.general)
  • Re: recording users logon/off times
    ... be better off implementing your own solution, as the event logs won't cater for unexpected shutdowns, disconnections, etc. and are also sadly lacking in the exact info. you need. ... You can then build logic into reports, etc. for incidents whereby a user logs on from the same computer twice but there's no logoff event. ... You can, I am sure, tweak this so that it just reports and doesn't actually limit logons, etc. ... However the environment at work is a hybrid HP-UX/Windows environment and so that is why that situation was possible. ...
    (microsoft.public.win2000.active_directory)
  • Re: Event viewer Login and logoff
    ... >> If you are talking domain logons then you also want to enable account ... >> logon events in Domain Controller Security Policy. ...
    (microsoft.public.windows.server.security)
  • Security Event Logs
    ... I have had to read some old NT4 EVT logs and noticed a lot of 528 Logons ... followed in about 2-3 minutes by a 538 logoff... ... Are there any other way for a 528 event to happen other than a CTRL-ALT-DEL ...
    (microsoft.public.windows.server.security)