2008 audit
i need to get user log on and log off details of users using Active directory service.
i can get the log on using TGT. and i know that AD does not keep record of log off event.
but i can see a Kerberos SGT occur when log off.
why is that?
Is it ok to use it as log off event
June 27th, 2012 5:59am
Hi,
Thanks for posting in Microsoft TechNet forums.
We can audit it by using scripts:
Audit User Logon and Logoff
http://blogs.technet.com/b/configmgrdogs/archive/2008/09/25/audit-user-logon-and-logoff.aspx
And here are some links for your reference:
Audit Logoff
http://technet.microsoft.com/en-us/library/dd941621(v=ws.10).aspx
Audit Other Logon/Logoff Events
http://technet.microsoft.com/en-us/library/dd772658(v=ws.10).aspx
Also here is an article which can help us understanding Kerberos:
Using Kerberos
http://www.fnal.gov/docs/strongauth/user.html
(Note: Since the site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.)
Regards
Kevin
Free Windows Admin Tool Kit Click here and download it now
June 28th, 2012 1:18am