Re: Login/Logoff Information

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/08/05

• Next message: Steven L Umbach: "Re: hisecweb.inf"
• Previous message: Steven L Umbach: "Re: Audit failures from explorer.exe"
• In reply to: Shanthi: "Login/Logoff Information"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 7 Mar 2005 21:09:45 -0600

That will be difficult as domain controllers will only record account logon
events for when a user logs onto a domain computer. Account logon events
only record logons while logon events record both logon and logoff. You
should have auditing of account logon events enabled in Domain Controller
Security Policy and also increase the size of the security logs on the
domain controllers quite a bit from default. To record logoff events you
would need to enable auditing of logon events for the domain computers and
the search for the logoff events on the domain computer the user logged off
of. There is no quick, neat, and easy way to do what you want. There are
third party programs such as S..E.L.M. from Languard that can make reports
from security logs. The links below may help. --- Steve

http://www.microsoft.com/technet/security/prodtech/windows2000/secmod144.mspx
http://www.microsoft.com/technet/security/topics/serversecurity/tcg/tcgch00.mspx
http://www.gfi.com/lanselm/

"Shanthi" <Shanthi@discussions.microsoft.com> wrote in message
news:E6D6ABF5-4F7B-4365-AA30-AE5890779C4A@microsoft.com...
>I am using Win2003 DC and having 250+ clients. I want to store the login
> information of each user on DC. The same report should contains the
> following
>
> User name
> System Name
> System IP
> Login time
> Logoff time
>
> Please let me know if any solution as it is becoming very critical issue.
>
>
> Shanthi

• Next message: Steven L Umbach: "Re: hisecweb.inf"
• Previous message: Steven L Umbach: "Re: Audit failures from explorer.exe"
• In reply to: Shanthi: "Login/Logoff Information"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: logon and account logon audit events ... Please see inline for a clarification questions. ... Logon events are recorded when a user accesses ... (B: this is where I need clarificaiton: what exactly do you mean by 'logs ... what constitutes logging on to a domain computer in this context? ... (microsoft.public.win2000.security) Re: Logon failure "target account name incorrect" ... Try enabling auditing of logon events on one of the client computers where ... this is happening and in Domain Controller Security Policy enable auditing ... of account logon events for success and failure, logon events for failure, ... Look in the Event Viewer on the domain controllers ... (microsoft.public.win2000.security) Re: NT4 & w2k autiding tools needed... ... Windows has built in auditing. ... Account logon is probably most useful for domain controllers or ... logon events record attempts of a user to access network resources. ... (microsoft.public.security) Re: Login Times ... You can enable auditing of account logon events on domain controllers to see when a ... You would need to enable auditing of logon ... member server and not authenticating users to it's local sam. ... Logon events can be ... (microsoft.public.win2000.security) Re: Auditing Logon events on Windows 2003 DC ... >I am trying to monitor logon failures on our domain controllers. ... This article lists the Account Logon events and Audit Logon events ... (microsoft.public.windows.server.active_directory)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint