Re: Get list of users who logged into Domain Controller?
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/13/04
- Next message: Steven L Umbach: "Re: is there new security template that harden's IE like Win2k3 ?"
- Previous message: Oli Restorick [MVP]: "Re: Run As restriction"
- In reply to: ohaya: "Re: Get list of users who logged into Domain Controller?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 13 Nov 2004 22:11:01 GMT
They are not enabled by default. The one you want to enable is account logon
events in Domain Controller Security Policy. You will have to examine the
security logs on all the domain controllers as the event will be recorded in
the log of the domain controller that authenticated a user. The free Event
Comb from Microsoft can make it easy to search the security logs of multiple
domain controllers. --- Steve
http://www.microsoft.com/technet/security/guidance/secmod144.mspx --- MS
white paper on auditing.
"ohaya" <ohaya@cox.net> wrote in message news:41920D0A.8E90EEDE@cox.net...
> Glenn,
>
> Thanks. I'll try that.
>
> It looks like these are both disabled by default?
>
> Jim
>
>
>
>
> Glenn L wrote:
>>
>> If you want to know who is logging on locally to your domain controller,
>> you
>> need to enable "Audit logon events" I suggest you also enable "audit
>> account
>> logon events"
>> Both of these should be enabled on the domain controller policy.
>>
>> --
>> Glenn L
- Next message: Steven L Umbach: "Re: is there new security template that harden's IE like Win2k3 ?"
- Previous message: Oli Restorick [MVP]: "Re: Run As restriction"
- In reply to: ohaya: "Re: Get list of users who logged into Domain Controller?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
