Direct Inward Dialing: +1 408 916 9892
A user logs on to a system to gain access to the computer and the files on the network. In Windows, there are several ways a logon can occur locally, and remotely. System admins need to keep track of the logon types to be abreast of any security vulnerabilities in the organization's network.
The following is a list of the types of logons, along with their codes, found in the Windows security event log:
This type of logon happens when a user logs on to the computer.
This type of logon occurs when a user or computer logs on to the computer from the network.
This type of logon is used by batch servers. Scheduled tasks are executed on behalf of a user without human intervention.
This type of logon is used for services and service accounts that logon to run a service.
This type of logon occurs when a user unlocks their machine.
This type of logon occurs when a user or computer logs on to the computer from the network, and the password is sent in clear text.
This type of logon occurs when a user uses the 'RunAs' command to run an application.
This logon type occurs when a user remotely accesses the computer through RDP applications such as Remote Desktop, Remote Assistance or Terminal Services.
This type of logon is recorded when a user logons to the computer without having to contact the domain controller, since the network credentials are locally stored on the computer.
Logs with event IDs 4624 and 4625 are generated every time there is a successful or failed logon on a local computer, respectively.
Auditing logon activity with ADAudit Plus
ADAudit Plus user logon monitoring and auditing capabilities provide real-time activity reports. Administrators can centrally audit, monitor and view pre-configured reports and schedule reports to be delivered to their inbox.
Select the report of your choice, and see information about currently logged on users, logon failures, computers startup and shutdown time, and more.
Have a glimpse of some of the ADAudit Plus reports by viewing the screenshots of (i) Logon Activity report, (ii) Currently Logged On Users report, and (iii) Computer Startup and Shutdown report, below.
A user logon activity report on ADAudit Plus
The currently logged on users report in ADAudit Plus
Computers' startup and shutdown time report in ADAudit Plus
ADAudit Plus is a real-time Active Directory auditing tool that offers 200+ reports and email alerts, including various logon and logoff reports. The different ways to logon to systems can be distinguished by ADAudit Plus, and this can help the organization understand employee behavior with regards to IT, and thwart insider and outsider attacks. It is also a valuable solution for companies that need to adhere to compliance mandates.
Managing user logon activity need not be complicated at all. Try ADAudit Plus for auditing all your workstations.
Try ADAudit Plus login monitoring tool to audit, track, and respond to malicious login and logoff actions instantaneously.
Try ADAudit Plus for free