Seeking location of User Log-in Log (Event viewer)

Seeking location of User Log-in Log (Event viewer)

Post by SmFkZWQgaW » Wed, 14 Mar 2007 09:37:08


Logic says that somewhere in the architecture of the windows server
environment is a record of everyone who has logged onto the network,
including times and dates. I just cannot find it.

I teach high school in Northern California am trying to chase down students
who are mis-using the network. I can locate the machine the abusive messages
came from, but there are sometimes hundreds of profiles in Documents and
Settings on the local machines. Searching them individually to locate the
abuser through evidence like cookie set times or file change times is
prohibitive.

Can someone tell me where the server stores the records of secure log-ins
that use Active Directory? It would greatly cut down my time playing
detective.

Thank you.

--j
 
 
 

Seeking location of User Log-in Log (Event viewer)

Post by Roger Abel » Sun, 18 Mar 2007 21:00:01

If you enable this in the Auditing section of a group policy
object that impacts the domain controllers, then for each
login using a domain account there will be a record in the
event log of the domain controller that handled the login.
You still need to look at multiple event logs as you likely
have multiple domain controllers. Also, success auditing
of login events can generate a lot of log events if the domain
is of any size / activity, so this may not be the solution that
you want since you would need to read the logs in a script
or with a log read tool like LogParser due to the size.