Auditing with 2000 Server and AD

[Daniel]

I'm currently running a 2000 server box here. I wanted to setup auditing of the users of the AD domain for login/logout times. I tried to do it with the domain security policy editor. I checked "Audit login events" for both success and failure, I then logged a few workstations in and out a few times. But after that I still didn't see anything in the security area of the event viewer, what am I missing?

Also after I get this working, is there any way to print all this out or track it any differently than just scrolling through the event viewer?

Thanks,
Daniel

 

[stash]

Not sure how to do it with AD, but with a standalone server, you would do it through the local security policy.

 

[Woodie]

To audit Domain User logons/logoffs:
1. Start an MMC console, add in the GPO tool, selecting the "Default Domain Policy" from the root of the domain.
2. Under Computer settings, navigate to: Computers -> Windows -> Security -> Local Policies -> Audit Policies.
3. Define the policies as you would like. Note: If you select the Directory Service auditing, the DCs will fill very rapidly, as this logs every LDAP query to the AD.
4. Under Computer settings, navigate to: Computers -> Windows -> Security -> Event Log -> Settings for Event Logs.
5. Define the event log settings as you wish. Note: Be very careful of the "Overwrite by Days" setting..if your log is filling too rapidly, it will log for a few days, then not log (because it's full), and then start up again.
6. Exit out, and when machines reboot, they'll pick up the new policy.