Re: Seeking location of User Log-in Log (Event viewer)
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Sat, 17 Mar 2007 05:00:01 -0700
If you enable this in the Auditing section of a group policy
object that impacts the domain controllers, then for each
login using a domain account there will be a record in the
event log of the domain controller that handled the login.
You still need to look at multiple event logs as you likely
have multiple domain controllers. Also, success auditing
of login events can generate a lot of log events if the domain
is of any size / activity, so this may not be the solution that
you want since you would need to read the logs in a script
or with a log read tool like LogParser due to the size.
"Jaded in Cali" <JadedinCali@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D0099F63-DA0F-442D-9040-2C0E058EDAFF@xxxxxxxxxxxxxxxx
Logic says that somewhere in the architecture of the windows server
environment is a record of everyone who has logged onto the network,
including times and dates. I just cannot find it.
I teach high school in Northern California am trying to chase down
students
who are mis-using the network. I can locate the machine the abusive
messages
came from, but there are sometimes hundreds of profiles in Documents and
Settings on the local machines. Searching them individually to locate the
abuser through evidence like cookie set times or file change times is
prohibitive.
Can someone tell me where the server stores the records of secure log-ins
that use Active Directory? It would greatly cut down my time playing
detective.
Thank you.
--j
.
- Prev by Date: Account Isolation
- Next by Date: Re: Account Isolation
- Previous by thread: Account Isolation
- Next by thread: Re: Auto Archive Outlook
- Index(es):
Relevant Pages
|
|
