How to check user logon history?
Step 1 -Run gpmc.msc → Create a new GPO → Edit it: Go to "Computer Configuration" → Policies → Windows Settings → Security Settings → Advanced Audit Policy Configuration → Audit Policies → Logon/Logoff: Audit Logon → Define → Success And Failures.
Step 2 -Go to Event Log → Define:
Maximum security log size to 4GB
Retention method for security log to "Overwrite events as needed".
Step 3 -Link the new GPO to OU with Computer Accounts: Go to "Group Policy Management" → right-click the defined OU → choose Link an Existing GPO → choose the GPO that you created.
Step 4 -Force the group policy update: In "Group Policy Management" right click on the defined OU → click on "Group Policy Update".
Step 5 -Open Event viewer and search Security log for event id 4648 (Audit Logon).
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools