tracking domain logons

  • Thread starter Thread starter hal
  • Start date Start date
H

hal

Sorry if this is a newbie question, but I recently inherited an AD
domain and am still figuring this all out...

How can I determine user logons to a domain? Event viewer security
shows local logons to the server, shares shows users logged on to that
share, AD users/computers shows when the account was last modified,
but I am not seeing where I can look at my users list and see when
they were logged on last. I have auditing enabled for account logon
but nothing is showing up in my event viewer.

Thanks,

Hal
 
If you set Auditing policy to audit logon/logoff activity in your Domain
Controler Security Policy, then your Domain Controler will log all users
logon/logoff activity for the domain accounts.

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com
 
If you set Auditing policy to audit logon/logoff activity in your Domain
Controler Security Policy, then your Domain Controler will log all users
logon/logoff activity for the domain accounts.
Click to expand...

Thanks for the response.

In my Default Domain Policy, Local Policies, Audit Policy, I have
Audit account logon events, Audit account management, and Audit logon
events all set to success,failure. Per the MCSE training kit Win 2k
AD services book I did a: secedit /refreshpolicy machine_policy

and got:

"Group policy propagation from the domain has been initiated for this
computer it may take a few minutes for the propagation to complete and
the new policy take effect. Please check Application Log for errors,
if any."

Still nothing in event viewer/security. I am on SP2. There were some
issues with SP2 on event logging of audit changes, but they don't seem
to apply to user account logons. I am planning on getting up to SP4
ASAP but was hoping someone could tell me if I was missing something
else. I can't find any articles an issue like this.

Any suggestions greatly appreciated.

Thanks again.

Hal
 
Thanks for the response.

In my Default Domain Policy, Local Policies, Audit Policy, I have
Audit account logon events, Audit account management, and Audit logon
events all set to success,failure. Per the MCSE training kit Win 2k
AD services book I did a: secedit /refreshpolicy machine_policy
Click to expand...
I found the docs and realized I should be setting auditing in the
group policy of the domain controllers not the default domain group
policy. It seems to be working now.

Thanks,

Hal
 
That is why I said, that look into your Domain Controler Security Policy :-)

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com
 
Back
Top