wkstation interactive logon recorded on DC?

[Guest]

How can I tell when users interactively log on to their desktops by checking
the DC event logs?

 

[Steven L Umbach]

Enable auditing of account logon events in Domain Controller Security Policy
and then you will see an account logon event when a user logs onto a domain
computer. I would also suggest that you enable auditing of logon events
[different from account logon events] in Domain Security Policy. Then a type
2 logon event will also be generated in the security log of the domain
computer they logon to via the console. You can use the free Event Comb from
Microsoft to remotely search the security logs of domain computers and the
text string search comes in handy because you can enter computer/user name,
etc. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308471 --- Event
Comb.
http://www.microsoft.com/technet/se...andmonitoring/securitymonitoring/default.mspx
--- The Security Monitoring and Attack Detection Planning Guide