Tracking User Logons

To track user logins across a Windows Active Directory Domain, you can use the built-in Event Viewer tool. This tool allows you to view and filter event logs on a domain controller.

To access the Event Viewer:

To enable auditing:

Note: This will only track logins on domain-joined computers, not on non-domain joined devices.

If there are multiple domain controllers in your Active Directory environment, it is important to ensure that the event logs on all of them are being collected and consolidated in a central location. This can be done using a tool called "Event Forwarding."

Event Forwarding

Event Forwarding allows you to configure a domain controller to forward event logs to a central server for collection and analysis. Here are the basic steps to set up Event Forwarding:

This will ensure that all security event logs from all domain controllers are collected and stored on the central server, allowing you to track user logins across the entire domain from one location.

Additionally, you can use tools such as Microsoft's Sysmon and Windows Event Forwarding, along with SIEM solutions like Splunk, to help collect, analyze, and visualize the logs across multiple domain controllers.
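For an ad hoc check when no central collector is available, the following PowerShell sketch pulls logon-related events from the Security log of every domain controller and merges them into one CSV. It is an added example, not part of the original post; the event IDs (4624, 4625, 4768), the 24-hour window, and the output path are assumptions chosen for illustration, and it needs the ActiveDirectory module plus rights to read each DC's Security log.

```powershell
# Added example: merge logon events from all domain controllers into one CSV.
Import-Module ActiveDirectory

$since    = (Get-Date).AddHours(-24)   # assumed look-back window
$outFile  = '.\dc-logons.csv'          # assumed output path
# 4624 = successful logon, 4625 = failed logon, 4768 = Kerberos TGT requested
$eventIds = 4624, 4625, 4768

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $events = Get-WinEvent -ComputerName $dc.HostName -ErrorAction Stop -FilterHashtable @{
            LogName = 'Security'; Id = $eventIds; StartTime = $since
        }
    } catch {
        # "No matching events" is not a failure; anything else is a visibility gap.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
        Write-Warning "Could not read Security log on $($dc.HostName): $($_.Exception.Message)"
        continue
    }
    foreach ($e in $events) {
        # Index the named <Data> fields of the event by their Name attribute.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # Skip computer accounts (names ending in $) so user activity stays readable.
        if ($data['TargetUserName'] -like '*$') { continue }

        [pscustomobject]@{
            TimeCreated      = $e.TimeCreated
            DomainController = $dc.HostName
            EventId          = $e.Id
            User             = $data['TargetUserName']
            Domain           = $data['TargetDomainName']
            LogonType        = $data['LogonType']   # empty for 4768
            SourceAddress    = $data['IpAddress']
        }
    }
}

$results | Sort-Object TimeCreated | Export-Csv -Path $outFile -NoTypeInformation
```

Any domain controller that triggers the warning is missing from the CSV, so treat the warning as a coverage gap to fix rather than noise.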

Posted: 2023-01-19
By: dwirch
