Re: Event viewer Login and logoff

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 11/23/04

• Next message: Phil McNeill: "Re: port blocking on Windows 2000/2003 servers"
• Previous message: Steven L Umbach: "Re: port blocking on Windows 2000/2003 servers"
• In reply to: frank: "Re: Event viewer Login and logoff"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 23 Nov 2004 13:42:35 -0600

For domain logons you need to enable auditing of "account logon events" in
Domain Controller Security Policy. You should then be able to see the
computers they logged onto the domain from. --- Steve

"frank" <fjlopez@nospam.com> wrote in message
news:O38LpdY0EHA.1408@TK2MSFTNGP10.phx.gbl...
> yeah domain logins... it doesn't have the computer name listed they logged
> in from login aduit is enabled.success and failures. Under security event
> 540 it has the time stamp and the ip address but not the computer the user
> logged in from. i know i can llok at my dhcp and see what ip address was
> assigned but why isn't the workstation name there.
>
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:er$9d0N0EHA.424@TK2MSFTNGP14.phx.gbl...
>> If you are talking domain logons then you also want to enable account
>> logon events in Domain Controller Security Policy. If you mean type three
>> network logons to a computer for share access, etc check all the logon
>> events as there probably will be more than one grouped by the same or
>> nearly same timestamp [within a few seconds]. --- Steve
>>
>>
>> "frank" <fjlopez@hotmail.com> wrote in message
>> news:uXhS0TlzEHA.748@TK2MSFTNGP14.phx.gbl...
>>>I have been auditing login and log off events and it doesn't log the
>>>compter name in the events. how can i get this to happen.
>>>
>>
>>
>
>

---

• Next message: Phil McNeill: "Re: port blocking on Windows 2000/2003 servers"
• Previous message: Steven L Umbach: "Re: port blocking on Windows 2000/2003 servers"
• In reply to: frank: "Re: Event viewer Login and logoff"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: How would you log logins? ... Account logons do ... not have "logoff" events, and are logged on the machine that validated the ... What is the difference between Account Logons or Logon events.? ... >> Administrative Tools, Local Security Policy. ... (microsoft.public.win2000.security) Re: Event viewer Login and logoff ... If you are talking domain logons then you also want to enable account logon ... events in Domain Controller Security Policy. ... If you mean type three network ... (microsoft.public.windows.server.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)