wkstation interactive logon recorded on DC?

G

Guest

How can I tell when users interactively log on to their desktops by checking
the DC event logs?
 
S

Steven L Umbach

Enable auditing of account logon events in Domain Controller Security Policy
and then you will see an account logon event when a user logs onto a domain
computer. I would also suggest that you enable auditing of logon events
[different from account logon events] in Domain Security Policy. Then a type
2 logon event will also be generated in the security log of the domain
computer they logon to via the console. You can use the free Event Comb from
Microsoft to remotely search the security logs of domain computers and the
text string search comes in handy because you can enter computer/user name,
etc. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308471 --- Event
Comb.
http://www.microsoft.com/technet/se...andmonitoring/securitymonitoring/default.mspx
--- The Security Monitoring and Attack Detection Planning Guide
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Event ID# on Domain Controllers for workstation interactive logon 4
auditing logons - someone please clear this #@#$! up. 3
Auditing Logons and Logoffs 1
Interactive logon 3
Local Security Policy on a DC 6
logon interactively 1
Audit Logons 1
Excessive Logon Failures 1

Top