
	Home > Ask the Windows Server Experts > Archive: Microsoft Active Directory Questions & Answers > Filtering workstation logon events to log only user activity

Ask The Windows Server Expert: Questions & Answers

EMAIL THIS

Filtering workstation logon events to log only user activity

EXPERT RESPONSE FROM: Paul Hinsberg

		Pose a Question

		Other Windows Server Categories

		Meet all Windows Server Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 23 November 2004
Since we have upgraded to Windows 2000/AD, our security logs have grown very large. There seems to be a lot of logon/logoff (successful) activity between the workstation$ accounts and the Domain. I work for a hospital and must track all logon activity for users, is there a way to filter out workstation logon/logoff events and only log user activity. This is wreaking havoc on my archiving scheme. Thanks!

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Archive: Microsoft Active Directory
	Creating user home directories on a Windows 2003 network
	Changing NTDS links with Active Directory
	Can I add a Win2003 Server to an NT4 domain without AD?
	Error of event ID 7031 when attempting to move mailboxes
	Finding the creation date of objects
	Child domains not finding global catalog
	Duplicating Windows 2000 domain as Windows 2003 test environment
	Backward checking permission for groups in Active Directory
	How can I configure user profiles on a Windows 2000 Server?
	Changing domain controller names in Windows 2000 Server

Microsoft Active Directory Tools and Troubleshooting

How to find and remove lingering objects in Active Directory

DNS troubleshooting best practices

Generating a DNS health check in Windows

Debugging Windows client logon delays: Narrowing the scope

Troubleshooting poor Windows logon performance in Active Directory environments

New Operations Manager 2007 feature allows for automated agent deployments

Taming the LSASS.exe process for Active Directory performance and security

Active Directory FAQs

Troubleshooting Active Directory database errors

Troubleshooting a cross-forest trust in Active Directory

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

The granularity of the policy for logging of events does not permit the exclusion of the machine accounts. However, if you are using a scripted solution for archiving, or are willing to use such a solution you can filter the events from the logs when they are archived. The VBScript along with WMI can be utilized to pull information from event logs of multiple machines and centrally store the information. If you use this process in conjunction with an appropriate Group Policy governing size and how the information is cleared from event logs -- you can effectively store the logs after filtering unnecessary information. The logs can then be stored for long durations, backed up to tape, and reviewed at will.
Paul Hinsberg

Additional Expert Help:
Be sure to check our Answer FAQ for more expert advice.
For faster answers, visit ITKnowledge Exchange.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Windows Server Solutions - Intel Hardware Solutions

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2004 - 2009, TechTarget \| Read our Privacy Policy