Re: Record User Logon/Logoff with Computer Name + Username


google security templates..
NIST has some, NSA and Microsoft has some too depending on your needs.
Try these..

http://www.windowsecurity.com/articles/Understanding-Windows-Security-Templates.html

http://csrc.nist.gov/itsec/download_W2Kpro.html

http://csrc.nist.gov/itsec/guidance_W2Kpro.html

http://www.sans.org/resources/policies/

http://www.nsa.gov/forms/site_search_action.cfm







On Fri, 17 Feb 2006 09:25:27 -0800, mem0ri
<mem0ri@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

We're running a Windows 2000 server to which many workstations logon
throughout the day. The boss would like a record of all remote access
successes with a record of the a)incoming computer name, b)username c)logon
time and logoff time.

I have been attempting to run a record through the Event Viewer and have:

1)Been able to successfully record "Account Logon Events" (672) but these
only give me the username that logged on and the time of initial logon.
Additionally, to get the information I have to look at the "properties" of
each event...as the user is inherently "SYSTEM" when listed in the main Event
Log.
This Method is missing: Incoming Computer Name, Logoff Time.

2)Been able to successfully record network Logon/Logoff events (540, 538),
though these occur in the thousands (yesterday there were about 18000 of
these events) and provide me with virtually no useful information (a logoff
occurs virtually simultaneously with a logon when you compare ticket ids).
Additionally, though a username is recorded...there is no computer name or
reliable way to track times.

It is my understanding that the Security Event Viewer is meant to record
things like Account Logons and Logoffs...but nothing seems to be working.

For a short while, I managed to get 682/683 events whenever we tested a VPN
access...though those events aren't directly related to a remote access, they
did record a username and computer name and time of logon. However...it
seems getting these events to show up was more of an accident than an actual
recurring and reliable event.

I am desperate for help. Answer needed:

1)Username and Computer logged on and Time
2)Username and Computer logged off and Time

That's all I need. Can it really be that difficult...heh...(it apparently
is for me...)



9/11
Never Forget
.

Relevant Pages

  • Re: Record User Logon/Logoff with Computer Name + Username
    ... the templates on Win2000 Servers. ... only give me the username that logged on and the time of initial logon. ... Incoming Computer Name, Logoff Time. ... occurs virtually simultaneously with a logon when you compare ticket ids). ...
    (microsoft.public.win2000.security)
  • Re: Record User Logon/Logoff with Computer Name + Username
    ... While auditing logon successes can ... only give me the username that logged on and the time of initial logon. ... Incoming Computer Name, Logoff Time. ... 2)Been able to successfully record network Logon/Logoff events, ...
    (microsoft.public.win2000.security)
  • RE: Windows2000 Security event logs
    ... field really populated with the datum username or is ... Subject: Windows2000 Security event logs ... Special privileges assigned to new logon: ... Logon Type: 3 ...
    (Security-Basics)
  • Re: how to pass nt password ?
    ... i logon in xp, run the service locally on xp1 local machine. ... reach out to other machines having similar services and check whether it is ... f) the logonuser fucntion requires username, ... > with the minimum credentials required to operate). ...
    (microsoft.public.dotnet.languages.vb)
  • Re: Password access for folders over network
    ... the network logon always uses the currently logged on user ... but you *can* get it to prompt for the password. ... username, ...
    (microsoft.public.windowsxp.security_admin)