Re: trace user logons

From: John (organic_john_at_yahoo.com)
Date: 10/17/03


Date: Fri, 17 Oct 2003 10:16:07 +0100

Thanks for the replies, folks...
Yeah, I had several of the local audit policies enabled under Domain
Security Policy, but still the security log was empty. I've enabled all of
the local audit policies now, but still nothing is appearing in the security
log. I've checked the filter on the security log, and it is set to show
between the first and last event.

I've gone into Domain Controller Security Policy as well, and ensured some
auditing was on there. Again, nothing is appearing in the security logs.

Any other suggestions?

Thanks again
j

www.banwa.com
"Peter" <parvo@REMOVETHISrtc-employment.com> wrote in message
news:Ox8JUe$kDHA.744@tk2msftngp13.phx.gbl...
> Keith is correct. I would highly turn on auditing domain wide, by doing the
> following from your Win2000 Domain Controller (if you are using something
> other than Windows 2000 the procedure will be different).
>
> Go to Start>Programs>Administrative Tools>Domain Security Policy
>
> Open Security Settings>Local Policy>Audit Policy
>
> Go into each of the policies you want to enable by double clicking on them
> in the right pane, and check the appropriate boxes. I have them all enabled
> on my server.
>
> Hope this helps...
>
> "Keith W. McCammon" <km@km.com> wrote in message
> news:%23wY2RP$kDHA.2216@TK2MSFTNGP12.phx.gbl...
> > You need to enable auditing on your DC's, which will populate all manner of
> > information in the security event logs. Information and how-to's on
> > auditing can be found on TechNet, or in your help file.
> >
> >
> > "John" <organic_john@yahoo.com> wrote in message
> > news:e1J2MI$kDHA.2200@TK2MSFTNGP12.phx.gbl...
> > > Thanks in advance for any assistance:
> > >
> > > I'm trying to find out when someone has logged onto our network, I presumed
> > > it would have shown under the Event Viewer and security log of the Domain
> > > Controller, but it is empty.
> > >
> > > Is this the correct place to view such info as successful logons or
> > > unsuccessful logons? If so, any suggestions as to why they are not showing?
> > >
> > > If this is not the correct place to view this data, where should I be
> > > looking?
> > >
> > > regards
> > > john
> > >
> > >
> > >
> > >
> >
> >
>
>


