Server 2003 + log on/off tracking

  ashodd 10:52 25 Apr 2008


I've been looking into trackng the users on the a network - specifically i need to track when users log on and off and if possible when a user locks their computer ?

I have been reading up on the process and it looks like it is done through domain security settings - in Audit Policy.

At first i thought this could be done through Event Viewer but i soon noticed that only reported on the local machine (the server). So far i've only found my way to "Domain Secuirty Policy" under the Administrator Tools but i can not see how to set or view the logs created ...

any help out there ?? or anybody know of better ways to view log on details for domain accounts >?


  Ditch999 11:04 25 Apr 2008

Not sure about Server2003 but 2000 has a security log (as does XP) and is accessed through Event Viewer. You might have to use a Microsoft Management Console snap in or enable logging first though.

  Ditch999 11:10 25 Apr 2008

And here's a little light bedtime reading for you!
click here

  Ditch999 11:33 25 Apr 2008

This is how to log Domain events in XP. Hopefully Server2003 is similar.

To turn on security logging for a domain controller
Open Active Directory Users and Computers.
In the console tree, click Domain Controllers.

Where to find it:
Active Directory Users and Computers
domain name
Domain Controllers

Click Action, and then click Properties.
On the Group Policy tab, click the policy you want to change, and then click Edit.
In the Group Policy window, in the console tree, click Audit Policy.

Where to find it:
Computer Configuration
Windows Settings
Security Settings
Local Policies
Audit Policy

In the details pane, double-click the attribute or event you want to audit.
In Properties, click the options you want, and then click OK.
Repeat steps 6 and 7 for other events you want to audit.

To open Active Directory Users and Computers, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
The security log is limited in size. Select the events to be audited carefully, and consider the amount of disk space you are willing to devote to the security log.
If security auditing has been enabled on a remote computer, you can view the event logs remotely with Event Viewer. Open the MMC console in author mode and add Event Viewer to the console. When prompted to specify which computer the snap-in will manage, click Another computer and enter the name of the remote computer.
Security auditing for workstations, member servers, and domain controllers can be enabled remotely only by domain administrators. To do this, create an organizational unit, add the desired computer account or accounts to the organizational unit, and then, using Active Directory Users and Computers, create a policy to enable security auditing. Use the same procedures for turning on security logging for a domain controller except instead of clicking Domain Controllers in the console tree, click domain name.

  ashodd 13:14 25 Apr 2008

Thanks very much Ditch999 ! thats done what i wanted. :)

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Dell XPS 13 9370 (2018) review

No need to scan sketches into your computer with Moleskine's new smart pen

How to use 3D Touch on iPhone

Comment importer des contacts d’un iPhone à un autre iPhone ?