How can I log user logon/logoff time only on domain controller or workstations running windows 2000

  • Thread starter Thread starter Oliver
  • Start date Start date
O

Oliver

Greetings,

I am an admin of a LAN with Windows 2000 server sp3 as the domain
controller and windows 2000 professional sp3 as workstations (joined a
domain). The current security log on the domain controller records
users' logging activities together with all connection efforts from
all workstations every few minutes. The security log takes too much
valuable server space.

Is there a way to log users' logon/logoff time only without too much
connection details from time to time?

Alternatively can I log user activities to workstations instead of the
domain controller? I tried enabling auditing policies for workstations
and for domain users in "Active Directory Users and Computers", but no
activities were logged on the workstations. How should I set up?

Thanks. Have a nice day!
 
Audit Logon/Logoff success events. The logon (528/540) and logoff (538)
events can be correlated on the logon ID field.

Eric

--
Eric Fitzgerald
Program Manager, Windows Auditing
Microsoft Corporation

The above message is provided "AS-IS" with no warranties, and confers no
rights.

Steven Umbach said:
You can not "selectively" audit certain events, but you can use the
filtering view in Event Viewer to narrow your search or use something like
Eventcomb [free from Microsoft]. Try enabling auditing of "log on events" on
the workstations via Local Security Policy or at domain/OU security policy
level. You might also want to put in another drive to use to store the Event
Viewer logs.--- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;216169
http://www.win2000mag.net/Articles/Index.cfm?ArticleID=27132

Oliver said:
Greetings,

I am an admin of a LAN with Windows 2000 server sp3 as the domain
controller and windows 2000 professional sp3 as workstations (joined a
domain). The current security log on the domain controller records
users' logging activities together with all connection efforts from
all workstations every few minutes. The security log takes too much
valuable server space.

Is there a way to log users' logon/logoff time only without too much
connection details from time to time?

Alternatively can I log user activities to workstations instead of the
domain controller? I tried enabling auditing policies for workstations
and for domain users in "Active Directory Users and Computers", but no
activities were logged on the workstations. How should I set up?

Thanks. Have a nice day!
Click to expand...
Click to expand...
 
Back
Top