How to find out what computer a user logged in on.

Archived from groups: microsoft.public.win2000.security (More info?)

I need to know how to find out what computer a user logged in on.
I've looked in the Security Event Log, and I see there's a field for
it. But, there's no information in that field. It's almost always
blank.
Also, how can I find out what computer(s) a user is currently
logged in on? I have the Windows 2000 Resource Kit, but I haven't
seen a tool in there that will tell me. Any help you can give is
greatly appreciated.
2 answers Last reply
More about find computer user logged
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    For a domain your best bet is to enable auditing of logon events in Domain
    Controller Security Policy and for domain computers enable auditing of logon
    events in Domain Security Policy. Be sure to increase the size of your
    security log quite a bit on your domain controllers to sat at least 10MB.
    You would then have to look in the security logs of the domain controllers
    to see the user name and account logon events. There would also be a logon
    event recorded on the domain computer where they logged on though that would
    be more difficult to find though the free tool Event Comb can scan the logs
    of multiple computers for specific events or text strings such as a user or
    computer name. If you have at least one Windows 2003 domain controller you
    can use the new limitlogon RK tool to track user logons. The link below may
    help. -- Steve

    http://www.microsoft.com/technet/security/prodtech/windows2000/secmod144.mspx
    http://www.thincomputing.net/newsitem296.html -- limitlogon info and FAQ
    link

    <Atlanta Thrashers Fan> wrote in message
    news:95vf61hc3cod07uq8hp2s8vk7uigf5m238@4ax.com...
    > I need to know how to find out what computer a user logged in on.
    > I've looked in the Security Event Log, and I see there's a field for
    > it. But, there's no information in that field. It's almost always
    > blank.
    > Also, how can I find out what computer(s) a user is currently
    > logged in on? I have the Windows 2000 Resource Kit, but I haven't
    > seen a tool in there that will tell me. Any help you can give is
    > greatly appreciated.
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Steven L Umbach wrote:
    > For a domain your best bet is to enable auditing of logon events in Domain
    > Controller Security Policy and for domain computers enable auditing of logon
    > events in Domain Security Policy. Be sure to increase the size of your
    > security log quite a bit on your domain controllers to sat at least 10MB.
    > You would then have to look in the security logs of the domain controllers
    > to see the user name and account logon events. There would also be a logon
    > event recorded on the domain computer where they logged on though that would
    > be more difficult to find though the free tool Event Comb can scan the logs
    > of multiple computers for specific events or text strings such as a user or
    > computer name. If you have at least one Windows 2003 domain controller you
    > can use the new limitlogon RK tool to track user logons. The link below may
    > help. -- Steve
    >
    > http://www.microsoft.com/technet/security/prodtech/windows2000/secmod144.mspx
    > http://www.thincomputing.net/newsitem296.html -- limitlogon info and FAQ
    > link
    >
    > <Atlanta Thrashers Fan> wrote in message
    > news:95vf61hc3cod07uq8hp2s8vk7uigf5m238@4ax.com...
    >
    >> I need to know how to find out what computer a user logged in on.
    >>I've looked in the Security Event Log, and I see there's a field for
    >>it. But, there's no information in that field. It's almost always
    >>blank.
    >> Also, how can I find out what computer(s) a user is currently
    >>logged in on? I have the Windows 2000 Resource Kit, but I haven't
    >>seen a tool in there that will tell me. Any help you can give is
    >>greatly appreciated.
    >
    >
    >
    We use EventComb for just that purpose, and we find it works well for
    us. We often need to find out who was where when, the only thing is you
    must either have a big enough event log or act fast (as Steven indicated)
Ask a new question

Read More

Security Computers Windows