Windows 7 Forums



Windows 7: Need Help With Monitoring logon activity on Systems in office

17 Feb 2013   #1
fizz000

Windows 7 Ultimate 32-bit
 
 

Hello everyone, I am new here and I have searched a lot on the net for this but I can't find anything about it. It's basically for my friend's office. He has a small office with around 5 systems, all Windows 7, and he wants to monitor the other systems in his office and their activities, especially the log-on part. I have done the MCTS certification in Win 7, so I know we can use auditing and event subscriptions for data collection. But what I want to know is: can that be done on a homegroup (sharing) network straight away using GP, or do I need to install Windows Server 2008 and get some extra hardware and then connect the systems, or can it be done directly without any extra hardware, or can it just be done with Windows Server 2008 on one system? It's basically for monitoring, nothing else: not for saving data, remote access or emailing, only monitoring. And I will be really thankful if anyone can tell me, in case I need a server and hardware, how much that would cost, just an idea of what it would cost to get a network set up with a server. I don't know about servers or hardware related to that. My friend's business is new so he doesn't want to spend too much money at the moment, so that is one reason I am asking for a price above. I will be highly thankful if someone can help with this...


18 Feb 2013   #2
MSchild

Windows 7/8/8.1 x64 &&& Debian-Based Linux
 
 

Hello,
I have the MCTS in Win 7 Administration as well.

If I am understanding this right, this person wants to log all the local machine logon times for each computer on this office network, which, as you stated, can be done with the Event Viewer. Or is it a situation of logging in remotely to a shared machine for file sharing and storage, and he wants to know who logs in and when? That can all be monitored via the same method as well.

OR, does he want the logon, etc. logs for each individual machine sent to his computer remotely? This can be accomplished via the subscription feature in the event viewer.
18 Feb 2013   #3
fizz000

Windows 7 Ultimate 32-bit
 
 

Hello,

Thanks MSchild for replying. It's basically the first thing you said, "this person wants to log all the local machine logon times for each computer on this office network"; he wants all the reports/data on his computer.

18 Feb 2013   #4
fizz000

Windows 7 Ultimate 32-bit
 
 

Quote: Originally Posted by MSchild
Hello,
I have the MCTS in Win 7 Administration as well.

If I am understanding this right, this person wants to log all the local machine logon times for each computer on this office network, which, as you stated, can be done with the Event Viewer. Or is it a situation of logging in remotely to a shared machine for file sharing and storage, and he wants to know who logs in and when? That can all be monitored via the same method as well.

OR, does he want the logon, etc. logs for each individual machine sent to his computer remotely? This can be accomplished via the subscription feature in the event viewer.

Hello,

Thanks MSchild for replying. It's basically the first thing you said, "this person wants to log all the local machine logon times for each computer on this office network"; he wants to get all the reports/data on his computer.
18 Feb 2013   #5
MSchild

Windows 7/8/8.1 x64 &&& Debian-Based Linux
 
 

Okay.. then it sounds to me like it's more like the last thing I said lol, that he wants all those logs sent to him remotely.

This can all be accomplished through the event viewer subscriptions. The Winlogon events should be logged under Windows > System. A quick search suggests Event ID 7001 is a local logon, and 7002 is a log off. Verifying on my machine, this seems to be accurate (you can of course add any Event IDs you think would be useful).

You will want to configure the Subscriptions on this person's machine to collect these logs from the remote machines on the domain like so:
[Attached screenshot: subscriptions.jpg]

You'll need to add each computer on the domain to the list of course, and there are some useful options for HTTPS delivery, etc. The config I screenshot would have all these events sent to the Forwarded Events view. The events themselves each contain the computer name, user SIDs, and of course timestamps, so it's pretty straightforward to read through. Let me know if there is any aspect of this you're fuzzy on, and I'll do my best to clear it up.


19 Feb 2013   #6
fizz000

Windows 7 Ultimate 32-bit
 
 

Quote: Originally Posted by MSchild
Okay.. then it sounds to me like it's more like the last thing I said lol, that he wants all those logs sent to him remotely.

This can all be accomplished through the event viewer subscriptions. The Winlogon events should be logged under Windows > System. A quick search suggests Event ID 7001 is a local logon, and 7002 is a log off. Verifying on my machine, this seems to be accurate (you can of course add any Event IDs you think would be useful).

You will want to configure the Subscriptions on this person's machine to collect these logs from the remote machines on the domain like so:
Attachment 255969

You'll need to add each computer on the domain to the list of course, and there are some useful options for HTTPS delivery, etc. The config I screenshot would have all these events sent to the Forwarded Events view. The events themselves each contain the computer name, user SIDs, and of course timestamps, so it's pretty straightforward to read through. Let me know if there is any aspect of this you're fuzzy on, and I'll do my best to clear it up.

OK, so I then choose Collector Initiated and then in Select Computers I select the system where I need to send the events to which computer; this would be on the employee systems, right? And on the system that I need to collect the events I should choose Source Initiated and add them. I am sorry, I just recently got my certification and don't have that much practical experience...
19 Feb 2013   #7
MSchild

Windows 7/8/8.1 x64 &&& Debian-Based Linux
 
 

The config in the screenshot would be from the admin's machine. For each employee machine, you would select the 2nd option, Source Computer Initiated, and otherwise configure it similarly.

It's alright, I don't have much experience implementing this either. Actually I've only done it once, so it may be that you have to tinker with the settings here or there, but from what I can remember, that was the gist of how I got it working.
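The collector-initiated subscription discussed in posts #5 to #7, scripted with `wecutil` rather than the Event Viewer dialog, as an added example that is not part of the original thread. The machine names, domain and subscription ID are hypothetical, and it assumes domain-joined machines whose collector computer account is allowed to read the source logs.

```powershell
# Added example. COLLECTOR, OFFICE and the PCxx names are hypothetical;
# assumes domain-joined machines and an elevated PowerShell prompt.
# On each employee (source) machine, run once:
#   winrm quickconfig -q
#   net localgroup "Event Log Readers" 'OFFICE\COLLECTOR$' /add

# On the admin (collector) machine:
wecutil qc /q   # configure and start the Windows Event Collector service

$sources = 'PC01.office.example', 'PC02.office.example'
$sourceXml = ($sources | ForEach-Object {
    "    <EventSource Enabled=`"true`"><Address>$_</Address></EventSource>"
}) -join "`r`n"

$subscription = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>OfficeLogonActivity</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Winlogon logon (7001) and logoff (7002) notifications</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[
    <QueryList><Query Path="System">
      <Select>*[System[Provider[@Name='Microsoft-Windows-Winlogon'] and (EventID=7001 or EventID=7002)]]</Select>
    </Query></QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
$sourceXml
  </EventSources>
</Subscription>
"@

$path = Join-Path $env:TEMP 'OfficeLogonActivity.xml'
Set-Content -Path $path -Value $subscription
wecutil cs $path                  # create the subscription from the XML file
wecutil gr OfficeLogonActivity    # per-source runtime status and last error

# Report forwarded events; assumes Winlogon puts the SID in EventData 'UserSid'.
Get-WinEvent -FilterHashtable @{ LogName = 'ForwardedEvents'; Id = 7001, 7002 } |
    ForEach-Object {
        $e = $_
        $sid = ([xml]$e.ToXml()).Event.EventData.Data | Where-Object { $_.Name -eq 'UserSid' }
        New-Object PSObject -Property @{ Time = $e.TimeCreated; Computer = $e.MachineName; Id = $e.Id; UserSid = $sid.'#text' }
    } | Sort-Object Time | Format-Table Time, Computer, Id, UserSid -AutoSize
```

If `wecutil gr` reports a source as inactive, check WinRM and the Event Log Readers membership on that machine before changing the subscription.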
19 Feb 2013   #8
fizz000

Windows 7 Ultimate 32-bit
 
 

Quote: Originally Posted by MSchild
The config in the screenshot would be from the admin's machine. For each employee machine, you would select the 2nd option, Source Computer Initiated, and otherwise configure it similarly.

It's alright, I don't have much experience implementing this either. Actually I've only done it once, so it may be that you have to tinker with the settings here or there, but from what I can remember, that was the gist of how I got it working.

Thanks a lot, I will try it...
19 Feb 2013   #9
MSchild

Windows 7/8/8.1 x64 &&& Debian-Based Linux
 
 

np (: