Logon Statistics
Hello, I need to have a view with the number of logged users to Domain Controllers with the peaks and variations. is it an existing view? Performance counter? logins/sec? Should I do it by using the Netlogon.log file? Thanks, Dom System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager
February 13th, 2013 5:24am
Hello, ACS is installed and I checked the reports but it does not show what I need. I will see if I could customized a summary report. I will try the Event ID 4624 as our Domain Controllers are Windows Server 2008 & Windows Server 2008 R2. Thanks, Dom System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager
Free Windows Admin Tool Kit Click here and download it now
February 13th, 2013 10:12am
I believe you have to create your own report. Can't remember any out-of-the-box reports that can count logons.http://OpsMgr.ru/
February 13th, 2013 10:55am
Hi, the only way I know is: - Collect audit logon events from every DC - Write a report that will query for this events and count it It's definitely work for ACS.http://OpsMgr.ru/
Free Windows Admin Tool Kit Click here and download it now
February 13th, 2013 1:14pm
Hello, The Event ID 4624 should it be traced by a Rule in Windows Server 2008 Operating System or in Windows Server 2008 Computer? Thanks, DomSystem Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager
February 13th, 2013 5:35pm
Hello Dom, No, it shouldn't. 4624 is the logon event, you can track the attempts to access a computer (network logons, RDC connections, local logons etc). You need to track 'account logon' events. When somebody (user\service\computer) is trying to authenticate itself using a some sort of account database (Active Directory, SAM) Windows is logging 'account logon' events. Check this event: http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4768 and this http://technet.microsoft.com/ru-ru/library/dd772679(v=ws.10).aspx http://OpsMgr.ru/
Free Windows Admin Tool Kit Click here and download it now
February 13th, 2013 10:17pm
Hello Dom, No, it shouldn't. 4624 is the logon event, you can track the attempts to access a computer (network logons, RDC connections, local logons etc). You need to track 'account logon' events. When somebody (user\service\computer) is trying to authenticate itself using a some sort of account database (Active Directory, SAM) Windows is logging 'account logon' events. Check this event: http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4768 and this http://technet.microsoft.com/ru-ru/library/dd772679(v=ws.10).aspx http://OpsMgr.ru/
February 14th, 2013 6:11am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics