VMware Cloud Community
mikergvh
Contributor
Contributor
‎09-23-2014 08:58 AM

login audit/log

we have a pool of floating workstations,  I have been getting reports of high blocked sites (up to 1 million times in one day) that come from a couple of  workstations each day, and always a different station.  Since they are floating and not dedicated stations I was wondering if there is a way to have a log/audit of who has logged in on what machines and when during the day?

0 Kudos
2 Replies
rcporto
Leadership
Leadership
‎09-23-2014 07:31 PM

Create a GPO to Audit Logon Events on workstations like this: How To See Who Logged Into a Computer and When

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
0 Kudos
Netwrix
Enthusiast
Enthusiast
‎09-30-2014 06:31 AM

You need to enable logon audit first Run GPMC.msc on your domain controller > open “Default Domain Controllers Policy” > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy: Audit account logon events > Define > Success and Failure Then open event log and look for 4624 – Login succeeded related to the workstations that you need. Also event id 4771 can help with that.

0 Kudos