The problem I have seen is that the DC security logs do not show which workstation someone authenticated from. You should be able to find out when user x authenticated from the security logs (depending on your event log size as well as how fast logs are overwritten). You can use the filter view for the specific username IF said user actually logged onto and authenticated to your network. If someone decided to bring in a personal computer and just plugged in, well, that's a different story. How many computers at the remote site? Any chance of pulling a copy of their event logs and looking at them? Interactive logons are only logged on the machine that was logged on to, AFAIK. There are lots of options here, this is just a start.
James Winzenz Infrastructure Engineer - Security Pulte Homes Information Services ________________________________ From: Joe Heaton [mailto:[EMAIL PROTECTED] Posted At: Friday, February 01, 2008 9:44 AM Posted To: NTSysadmin Conversation: Tracking user logins Subject: Tracking user logins I would like to be able to see when User X logged into the network. I'd also like to see on Date Y, who logged into the network, and at what time. Here's what I'm looking at: I get automated router bandwidth reports from our ISP on a monthly basis. At one of our remote sites, there is a huge inbound traffic spike on a couple of weekend days. We don't work on the weekend, so I'd like to try to figure out where these spikes came from. I've looked at the Security log on my DC, but that's about as helpful as, well I'm Shook could come up with a funny line there... anyway, does the Security log track the information I'm looking for, and if so, how can I actually get to it? Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
