getting security records from event viewer

  • Thread starter Thread starter biff
  • Start date Start date
B

biff

I need to gain access to logon/logoff records for a particular computer for
the last couple of months.

Hoever, it seems that the default setting is to overwrite events older than
7 days. Is there no way to get access to logon/logoff records if not shown
in the event log?
 
biff said:
I need to gain access to logon/logoff records for a particular
computer for the last couple of months.

Hoever, it seems that the default setting is to overwrite events
older than 7 days. Is there no way to get access to logon/logoff
records if not shown in the event log?
Click to expand...

Not if they have been overwritten.
Sounds like you had your settings wrong for what you might need (or need
now.)
 
biff said:
I need to gain access to logon/logoff records for a particular
computer for the last couple of months.

Hoever, it seems that the default setting is to overwrite events
older than 7 days. Is there no way to get access to logon/logoff
records if not shown in the event log?
Click to expand...
Not if they have been overwritten.
Sounds like you had your settings wrong for what you might need (or
need now.)
Click to expand...
what do you set your max log size at (for a desktop pc or gpo for
desktop pcs)?
Click to expand...

Desktop PCs?

Default - because we determined we had no need for more than that on a local
PC and if someday someone requested data beyond what we logged - it was
already written in our policy that we don't log that much.

I believe that is 20MB and we have it set to overwrite "as needed".
(Security log)
The reason for the custom overwrite setting - otherwise if it filled up - it
would let no one but an admin log on...
 
Back
Top