Does Windows Server 2003 Standard Edition automatically track a user's log on/off history? If it doesn't, can it?
Finally (if it's there of course) how do I access the log?
Thanks in advance.
Elite Member
Does Windows Server 2003 Standard Edition automatically track a user's log on/off history? If it doesn't, can it?
Finally (if it's there of course) how do I access the log?
Thanks in advance.
Last edited by CLEVER_LOGIN_NAME; 06-06-2005 at 10:14 PM.
¨*·.¸ «.·°·..·°·.» ¸.·*¨
Perhaps something here may help:
http://www.microsoft.com/technet/pro...nt/user01.mspx
or a link from the above:
http://www.microsoft.com/windows2000...t/userdata.asp
__________________________
Last edited by jephree; 07-06-2005 at 12:56 AM.
UK site moderator
Windows Event Viewer has a Security section that keeps an audit trail of when users log on and log off. I can't remember if it's switched on by default but you can find Event Viewer under Start > Programs > Administrative Tools
I keep an eye on this every day to check login details (and attempted hacking attempts, which would be indicated by lots of failed logins).
UK site moderator
Obviously "unattempted hacking attempts" don't show up at all, lol!
Elite Member
Originally Posted by DJNafey
Windows Event Viewer has a Security section that keeps an audit trail of when users log on and log off. I can't remember if it's switched on by default but you can find Event Viewer under Start > Programs > Administrative Tools
I keep an eye on this every day to check login details (and attempted hacking attempts, which would be indicated by lots of failed logins).
Thanks for the help!Once I was able to spend some quality time with the server I found the Event Viewer on my own... I really should really RTFM some day.
Speaking of hacking attempts, do I need to worry about Anonymous Logins? I the viewer they’ll be a group of 4, but the first one of the group will have a registered user’s name in the ANONYMOUS LOGIN properties.
UK site moderator
To be completely honest, I haven't quite got my head round why you get those batches of "anonymous" logins yet. However, I'm pretty confident that they aren't anything to worry about - just one of the various "red herrings" that can make a system admin paranoid about nothing! If they occur at the same time every day (or night), then you can tell from that that it's not a hacking attempt and is, instead, something like your overnight backup process running or DNS / DHCP logging on, etc. In any case, I get them too and I do trust my firewall so they don't cause me concern on my server.
If you do find any info about what's causing them, though, I'd be interested to hear about it. Likewise, if I get time to diagnose what's logging the events on my server, I'll let you know
