S
Steve
I recently enabled "Audit Log On Events" on my domain.
I did it 'cause a recent termination and I wanted to see
if this person would even attempt to log in after
terminated and soon after I wanted to check for unusual
log on failures.
As I was checking the security log I notices that my user
account was popping up as log on and then log back off and
other accounts as well. I keep a very strick password
policy for my self, I change it every month and it is
always at least 12 alfanumeric caracters.
Could this be because Outlook was running on my machine at
the time?
How can I acurately audit log ons and offs on the network
by users? Is there a way to log user log ons to the
network in a clean manner?
I have two DCs, why some events show in one but not the
other?
Thanks for the help.
I did it 'cause a recent termination and I wanted to see
if this person would even attempt to log in after
terminated and soon after I wanted to check for unusual
log on failures.
As I was checking the security log I notices that my user
account was popping up as log on and then log back off and
other accounts as well. I keep a very strick password
policy for my self, I change it every month and it is
always at least 12 alfanumeric caracters.
Could this be because Outlook was running on my machine at
the time?
How can I acurately audit log ons and offs on the network
by users? Is there a way to log user log ons to the
network in a clean manner?
I have two DCs, why some events show in one but not the
other?
Thanks for the help.