Server 2003 + log on/off tracking

  ashodd 10:52 25 Apr 08


I've been looking into trackng the users on the a network - specifically i need to track when users log on and off and if possible when a user locks their computer ?

I have been reading up on the process and it looks like it is done through domain security settings - in Audit Policy.

At first i thought this could be done through Event Viewer but i soon noticed that only reported on the local machine (the server). So far i've only found my way to "Domain Secuirty Policy" under the Administrator Tools but i can not see how to set or view the logs created ...

any help out there ?? or anybody know of better ways to view log on details for domain accounts >?


  Ditch999 11:04 25 Apr 08

Not sure about Server2003 but 2000 has a security log (as does XP) and is accessed through Event Viewer. You might have to use a Microsoft Management Console snap in or enable logging first though.

  Ditch999 11:10 25 Apr 08

And here's a little light bedtime reading for you!
click here

  Ditch999 11:33 25 Apr 08

This is how to log Domain events in XP. Hopefully Server2003 is similar.

To turn on security logging for a domain controller
Open Active Directory Users and Computers.
In the console tree, click Domain Controllers.

Where to find it:
Active Directory Users and Computers
domain name
Domain Controllers

Click Action, and then click Properties.
On the Group Policy tab, click the policy you want to change, and then click Edit.
In the Group Policy window, in the console tree, click Audit Policy.

Where to find it:
Computer Configuration
Windows Settings
Security Settings
Local Policies
Audit Policy

In the details pane, double-click the attribute or event you want to audit.
In Properties, click the options you want, and then click OK.
Repeat steps 6 and 7 for other events you want to audit.

To open Active Directory Users and Computers, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
The security log is limited in size. Select the events to be audited carefully, and consider the amount of disk space you are willing to devote to the security log.
If security auditing has been enabled on a remote computer, you can view the event logs remotely with Event Viewer. Open the MMC console in author mode and add Event Viewer to the console. When prompted to specify which computer the snap-in will manage, click Another computer and enter the name of the remote computer.
Security auditing for workstations, member servers, and domain controllers can be enabled remotely only by domain administrators. To do this, create an organizational unit, add the desired computer account or accounts to the organizational unit, and then, using Active Directory Users and Computers, create a policy to enable security auditing. Use the same procedures for turning on security logging for a domain controller except instead of clicking Domain Controllers in the console tree, click domain name.

  ashodd 13:14 25 Apr 08

Thanks very much Ditch999 ! thats done what i wanted. :)

This thread is now locked and can not be replied to.

LG G6 review: Hands-on with LG’s bold, big-screen shot at perfection

1995-2015: How technology has changed the world in 20 years

How the 2017 Oscar-winning VFX of The Jungle Book were created

The 22 best Safari extensions | Best Safari plugins: Improve Apple's Safari web browser with these…