Discussion in 'Active Directory' started by inenewbl, Apr 11, 2006.

  1. inenewbl

    inenewbl Guest

    Hi all. My office has a domain and would like to keep track of users logging
    in and off from our windows 2003 domain controller. I noticed when a domain
    user log on to domain it shows the computer name in user column of security
    log under event viewer. When i double click this event, it does not show
    which user log on. Is there a way to set such that when a domain user login
    to domain, it would reflect the username in security log? Thks in advance.
    inenewbl, Apr 11, 2006
  2. You can track this information via auditing, but it is troublesome and
    generally not very accurate. The reason being is that an interactive logon
    isn't a logon to the domain. It is a logon to a workstation using
    credentials stored in the domain. Basically, you verify your identity with
    the LSA of the computer that you pressed Ctrl+Alt+Del on.

    Also, a disconnection from the network, e.g. standby, hibernation, doesn't
    constitute a logoff event.

    A better, but again not totally accurate, way of logging this information is
    via logon and logoff script. The scripts should write to a database of some
    kind. One way of implementing this, without a huge amount of effort, would
    be to download and install LimitLogon from Microsoft and tweak the scripts
    so that you simply monitor the logons as opposed to actually stop them from
    occurring on more than one system at any given time.
    Paul Williams [MVP], Apr 11, 2006
  3. inenewbl

    inenewbl Guest

    Hi Paul,
    thks for your reply. But i could not find this tool in microsoft website
    when i do a search. Is it still available? If so can you provide me the link.
    Thk you
    inenewbl, Apr 11, 2006
