Enable auditing of account logon events in Domain Controller Security Policy
and then you will see an account logon event when a user logs onto a domain
computer. I would also suggest that you enable auditing of logon events
[different from account logon events] in Domain Security Policy. Then a type
2 logon event will also be generated in the security log of the domain
computer they logon to via the console. You can use the free Event Comb from
Microsoft to remotely search the security logs of domain computers and the
text string search comes in handy because you can enter computer/user name,
etc. --- Steve
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.