I think the OP mentioned this was a 2008 DC. These are the event IDs for 2003; in 2008 they are different.
Try this:
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4624

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com
The Guardian Life Insurance Company of America
www.guardianlife.com

From: Webster <webs...@carlwebster.com>
To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com>
Date: 12/04/2012 06:36 PM
Subject: RE: Server login reporting

This should help you out.
http://technet.microsoft.com/en-us/library/cc787567(v=ws.10).aspx

Thanks

Webster

-----Original Message-----
From: Gavin Wilby [mailto:gavin.wi...@gmail.com]
Subject: Re: Server login reporting

OK, I understand what you're all saying, but the server in question shows 100s if not 1000s of logon events. How do I ascertain which ones are true user logons to the server's console?

Gavin.

On Tue, Dec 4, 2012 at 10:48 PM, Kim Longenbaugh <k...@colonialsavings.com> wrote:
> Great minds.....
>
> From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
> Sent: Tuesday, December 04, 2012 4:33 PM
> To: NT System Admin Issues
> Subject: RE: Server login reporting
>
>>I know the sec log shows this, but it's a nightmare to go through.
>
> It's really not, you can use the UI to actually build a query.
>
> Open up the mmc, click "Attach a Task To this Log..."
>
> You'll be shocked how easy it is:) It even has "send an email" as an action.
> Use the query builder to abstract you from the syntax if needed.

~ Finally, powerful endpoint security that ISN'T a resource hog!
~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
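
Added example (not part of the original thread and not any poster's code): one way to narrow event ID 4624 on a 2008-or-later server down to console and Remote Desktop logons, using Get-WinEvent with the same kind of XPath filter the Event Viewer query builder produces. It assumes logon types 2 (interactive) and 10 (RemoteInteractive) are the ones of interest; the 500-event cap and the output column names are arbitrary choices for the example.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session
# on the server (reading the Security log requires administrative rights).
# Assumption: LogonType 2 (interactive, at the console) and 10
# (RemoteInteractive, i.e. Remote Desktop) are the logons of interest.
$xpath = "*[System[EventID=4624] and EventData[" +
         "Data[@Name='LogonType']='2' or Data[@Name='LogonType']='10']]"

# -MaxEvents 500 is an arbitrary cap for the example.
# Each event's <EventData> name/value pairs are flattened into a hashtable,
# then computer accounts (names ending in '$') are dropped.
Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents 500 |
    ForEach-Object {
        $fields = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$d.Name] = $d.'#text'
        }
        New-Object PSObject -Property @{
            Time      = $_.TimeCreated
            User      = '{0}\{1}' -f $fields['TargetDomainName'], $fields['TargetUserName']
            LogonType = $fields['LogonType']
            SourceIP  = $fields['IpAddress']
        }
    } |
    Where-Object { $_.User -notlike '*$' } |
    Select-Object Time, User, LogonType, SourceIP |
    Sort-Object Time
```

The same XPath string can be pasted into the XML tab of an Event Viewer custom view or task filter inside a `<Select Path="Security">` element.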