The problem I have seen is that the DC security logs do not show which
workstation someone authenticated from.  You should be able to find out
when user x authenticated from the security logs (depending on your
event log size as well as how fast logs are overwritten).  You can use
the filter view for the specific username IF said user actually logged
onto and authenticated to your network.  If someone decided to bring in
a personal computer and just plugged in, well, that's a different story.
How many computers at the remote site?  Any chance of pulling a copy of
their event logs and looking at them?  Interactive logons are only
logged on the machine that was logged on to, AFAIK.  There are lots of
options here, this is just a start.

 

James Winzenz

Infrastructure Engineer - Security

Pulte Homes Information Services

 

________________________________

From: Joe Heaton [mailto:[EMAIL PROTECTED] 
Posted At: Friday, February 01, 2008 9:44 AM
Posted To: NTSysadmin
Conversation: Tracking user logins
Subject: Tracking user logins
  

 

I would like to be able to see when User X logged into the network.  I'd
also like to see on Date Y, who logged into the network, and at what
time.

 

Here's what I'm looking at:

 

I get automated router bandwidth reports from our ISP on a monthly
basis.  At one of our remote sites, there is a huge inbound traffic
spike on a couple of weekend days.  We don't work on the weekend, so I'd
like to try to figure out where these spikes came from.  I've looked at
the Security log on my DC, but that's about as helpful as, well I'm
Shook could come up with a funny line there... anyway, does the Security
log track the information I'm looking for, and if so, how can I actually
get to it?

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

[EMAIL PROTECTED] 

CONFIDENTIALITY NOTICE:  This email may contain confidential and privileged 
material for the sole use of the intended recipient(s).  Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer.  
Thank you.

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Reply via email to