can this be logged?

TheMSsForum.com: The Microsoft Software Forum

Hi,

I am setting up my new SBS 2000 and was wondering if I can track the
time employees login and logout of an SBS network. I would like to
verify the time they claim they spent working.

Can this be done for remote logins as well? I would like to see if they
login over weekend when they claim to do work.

I know they can login and do nothing, I just want to catch the cheaters
how don't even bother to login.

Thanks
Georges
Top

Re: can this be logged? by Javier

Javier
Fri Sep 19 17:39:09 CDT 2003

Yes... go to the auditing/security policy and enable auditing of
logon/logoff events. Then just read the logs.

--
-Javier

<< SBS ROCKS !!! >>


"Georges" <nospam@aol.com> wrote in message
news:eWqis1vfDHA.1088@TK2MSFTNGP10.phx.gbl...
> Hi,
>
> I am setting up my new SBS 2000 and was wondering if I can track the
> time employees login and logout of an SBS network. I would like to
> verify the time they claim they spent working.
>
> Can this be done for remote logins as well? I would like to see if they
> login over weekend when they claim to do work.
>
> I know they can login and do nothing, I just want to catch the cheaters
> how don't even bother to login.
>
> Thanks
> Georges
>


Top

Re: can this be logged? by Georges

Georges
Fri Sep 19 22:01:46 CDT 2003

Hi Javier,


Thanks for pointing me in the right direction. This sounds perfect and
I suspect I'm almost there. I just want to clarify things:

by auditing/security you mean....
1) Start > Programs > Admin Tools > Domain Security Policies to start
the console
2) at left, expand: Windows Settings > Security Settings > Local Policy
> Audit Policy
3) on right side, edit properties for "Audit Account Logon Events"
and/or "Audi Logon Events" and check boxes

This seems good, but I enabled it and did several logon/logoff and
checked the events/security but there were no entries. Do I need to reboot?

Georges



Javier Gomez wrote:
> Yes... go to the auditing/security policy and enable auditing of
> logon/logoff events. Then just read the logs.
>

Top

Re: can this be logged? by Javier

Javier
Fri Sep 19 22:19:42 CDT 2003

Yes... you are in the right track.

Policies require time to update (I think is 15 minutes by default). Also,
you can force the update by typing "gpupdate" at a command prompt (rebooting
will certainly do it too). Also, make sure that you selected the proper
actions to be audited (both Success and Failure).

Finally... this is probably obvious: but you need people to logon/logoff in
order to see something (if they are already logged in when the policy is
applied it won't appear). :-)

If still doesn't work post back.

--
-Javier

<< SBS ROCKS !!! >>



"Georges" <nospam@aol.com> wrote in message
news:OZ3HtNyfDHA.3616@TK2MSFTNGP11.phx.gbl...
> Hi Javier,
>
>
> Thanks for pointing me in the right direction. This sounds perfect and
> I suspect I'm almost there. I just want to clarify things:
>
> by auditing/security you mean....
> 1) Start > Programs > Admin Tools > Domain Security Policies to start
> the console
> 2) at left, expand: Windows Settings > Security Settings > Local Policy
> > Audit Policy
> 3) on right side, edit properties for "Audit Account Logon Events"
> and/or "Audi Logon Events" and check boxes
>
> This seems good, but I enabled it and did several logon/logoff and
> checked the events/security but there were no entries. Do I need to
reboot?
>
> Georges
>
>
>
> Javier Gomez wrote:
> > Yes... go to the auditing/security policy and enable auditing of
> > logon/logoff events. Then just read the logs.
> >
>


Top

Re: can this be logged? by Luis

Luis
Mon Sep 22 09:21:57 CDT 2003

george,

you need to use the domain controller security policy.

people are logging to the dc - not their machines.




"Georges" <nospam@aol.com> wrote in message
news:OZ3HtNyfDHA.3616@TK2MSFTNGP11.phx.gbl...
> Hi Javier,
>
>
> Thanks for pointing me in the right direction. This sounds perfect and
> I suspect I'm almost there. I just want to clarify things:
>
> by auditing/security you mean....
> 1) Start > Programs > Admin Tools > Domain Security Policies to start
> the console
> 2) at left, expand: Windows Settings > Security Settings > Local Policy
> > Audit Policy
> 3) on right side, edit properties for "Audit Account Logon Events"
> and/or "Audi Logon Events" and check boxes
>
> This seems good, but I enabled it and did several logon/logoff and
> checked the events/security but there were no entries. Do I need to
reboot?
>
> Georges
>
>
>
> Javier Gomez wrote:
> > Yes... go to the auditing/security policy and enable auditing of
> > logon/logoff events. Then just read the logs.
> >
>


Top

Re: can this be logged? by Georges

Georges
Mon Sep 22 16:12:12 CDT 2003

Hi Luis,

Thanks! You got it right, I was using the local policy instead of the
DC. It makes sense, once I change it, I saw the events being logged.
Thank you so much for taking the time to clear this up :)

Georges

Luis Carvalho wrote:
> george,
>
> you need to use the domain controller security policy.
>
> people are logging to the dc - not their machines.

Top