
Tuesday, August 21, 2012

Audit Logon Times with Windows Server 2003 Group Policy

You can use Windows Group Policy to track employee logon times. Here I will show you how to enable logon auditing using a Windows domain and Group Policy Objects (GPOs).

To do this, follow the steps below:

* First, we need to create a new policy and enable auditing in it.
  1. Click Start > Administrative Tools > Active Directory Users and Computers.
  2. In the "Active Directory Users and Computers" window, right-click the name of your domain, and click Properties.
  3. In the new window, click the Group Policy tab, then click the Open button.
  4. In "Group Policy Management", click to expand your domain.
  5. Right-click "Group Policy Objects", and click New.
  6. In the "New GPO" window, type the name of the new policy, and click OK.
  7. Expand "Group Policy Objects", right-click the newly created policy, and click Edit.
  8. Click to expand Computer Configuration > Windows Settings > Security Settings > Local Policies.
  9. Click to select Audit Policy.
  10. In the right panel, double-click "Audit account logon events".
  11. In the "Audit account logon events" window, check the "Success" and "Failure" boxes, then click OK.
  12. Now double-click "Audit logon events".
  13. In the "Audit logon events" window, check the "Success" and "Failure" boxes, then click OK.
  14. Close the Group Policy Object Editor window.
* Audit account logon events: This security setting determines whether to audit each instance of a user logging on to or logging off from another computer in which this computer is used to validate the account.

* Audit logon events: This security setting determines whether to audit each instance of a user logging on to or logging off from a computer.

Next, assign the policy to an Organizational Unit (OU) containing the computers we wish to have under the policy. Follow the steps below.
  1. Click Start > Administrative Tools > Active Directory Users and Computers.
  2. In the "Active Directory Users and Computers" window, right-click the OU to which you want to apply the security setting, and click Properties.
  3. In the new window, click the Group Policy tab, then click the Open button.
  4. In the "Group Policy Management" window, select the OU, right-click it, and select "Link an Existing GPO...".
  5. In "Group Policy objects:", select the new policy created in the first part of this tutorial, and click OK.
  6. In the right panel of the "Group Policy Management" window, we can now see the new policy linked to this Organizational Unit.
* In a few hours, depending on the size of your network, you will be able to see the Audit Success entries under Log Name: Security in Event Viewer.
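
Once the audit entries reach the Security log, logon times can be read out of them. The PowerShell below is an added example, not part of the original post: it pairs logon and logoff entries by Logon ID to list when each session started and ended. It assumes PowerShell 2.0, Windows Server 2003 event IDs 528 (successful logon) and 538 (logoff), and the insertion-string order noted in the comments; the function names and sample entries are constructed for illustration.

```powershell
# Added example, not from the original post.
# Assumptions: Windows Server 2003 event IDs 528 (successful logon) and
# 538 (logoff); insertion strings ordered User, Domain, Logon ID, Logon Type.
function New-Session($Logon, $LogoffTime) {
    $s = $Logon.ReplacementStrings
    New-Object PSObject -Property @{
        Computer   = $Logon.MachineName
        User       = "$($s[1])\$($s[0])"
        LogonType  = $s[3]                # 2 = interactive, 3 = network, 10 = RDP
        LogonTime  = $Logon.TimeGenerated
        LogoffTime = $LogoffTime          # empty when no logoff was recorded
    } | Select-Object Computer, User, LogonType, LogonTime, LogoffTime
}

function Get-LogonSession {
    param([Parameter(ValueFromPipeline = $true)] $Entry)
    begin { $open = @{} }                 # logons still waiting for a logoff
    process {
        # A Logon ID is only unique per computer, so key on both.
        $key = "$($Entry.MachineName)|$($Entry.ReplacementStrings[2])"
        if ($Entry.EventID -eq 528) {
            $open[$key] = $Entry
        }
        elseif ($Entry.EventID -eq 538 -and $open.ContainsKey($key)) {
            $on = $open[$key]
            $open.Remove($key)
            New-Session $on $Entry.TimeGenerated
        }
    }
    end {
        # Event 538 is not always written, so report unmatched logons too.
        foreach ($on in $open.Values) { New-Session $on $null }
    }
}

# Constructed sample entries standing in for Get-EventLog output.
function New-SampleEntry($Id, $Time, $User, $LogonId, $Type) {
    New-Object PSObject -Property @{
        EventID = $Id; TimeGenerated = [datetime]$Time; MachineName = 'WS01'
        ReplacementStrings = @($User, 'EXAMPLE', $LogonId, $Type)
    }
}
$sample = @(
    (New-SampleEntry 528 '2012-08-21 08:02:11' 'alice' '(0x0,0x3E4A1)' '2'),
    (New-SampleEntry 528 '2012-08-21 08:15:40' 'bob'   '(0x0,0x41B70)' '10'),
    (New-SampleEntry 538 '2012-08-21 17:31:05' 'alice' '(0x0,0x3E4A1)' '2')
)
$sample | Sort-Object TimeGenerated | Get-LogonSession | Format-Table -AutoSize

# Against the live log on a computer covered by the GPO:
# Get-EventLog -LogName Security -InstanceId 528,538 -After (Get-Date).AddDays(-1) |
#     Sort-Object TimeGenerated | Get-LogonSession
```

Entries must be fed in chronological order, which is why the pipeline sorts by TimeGenerated before pairing.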

1 comment:

  1. Really nice post, thanks for the wonderful information on auditing logon times with Windows 2003 Server Group Policy and tracking user logon times. It provides stepwise info to configure and enable audit functionality in Group Policy. I tried this Group Policy auditing tool (http://www.lepide.com/lepideauditor/group-policy.html) to manage logon/logoff scripts and remote installation services, and to track and control modifications in local audit policies and user right assignment policies.