Identify currently logged on users

Objective:

You wish to track the currently logged on users on a system using OpUtils' IP Address Manager module.

Pre-requisites:

By default, OpUtils displays Logged on user details by fetching it from event logs using Active Directory(AD) credentials. For this to work, please ensure you meet the following requirements:

  • Configure AD details under Settings, OpUtils, and Active Directory.
  • The configured user credentials should have admin permission and should be present in the Event log readers group.

Note: OpUtils will fetch the events from event ids 672, 4768 & 4769.

To fetch and display logged on user details:

To fetch event logs from AD, please follow the steps given below,

  1. Go to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies, and enable Audit Policy Service.
    • Define the policy and choose for Success and Failure.
  2. Go to Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies > Account Logon and click on Audit Kerberos Authentication Service.
  3. Ensure that the Audit account logon events and Audit logon events are enabled.
    • Define the policy and choose for Success and Failure.
  4. Go to Control Panel > Administrative Tools > Group Policy Management > Default Domain Controllers Policy and right click to edit Audit Policy. Policy Setting should be Success.
    • Define the policy and choose for Success and Failure.
  5. Configure Kerberos Authentication service.
  6. Go to Security Settings > Advanced Audit Policy Configuration > Audit Policies and click on Account Logon.

Note: In case of Non-Administrator,

  • The user should be a member of Distributed COM Users, Domain Users, and Event Log Readers.
  • Non-administrator should have access to WMI name spaces (CIMV2, directory,RSOP) on the Domain Controller.
  • This can be configured by navigating to Control Panel > Administrative Tools > Computer Management > WMI Control > Properties > CIMV2, directory, RSOP > Enable Account, and click on Remote Enable.

Speak to us

Current logged on user details still not displayed? Support will be available 24hrs a day and five days a week (Monday through Friday), excluding USA & India public holidays.

Telephone : +1-888-720-9500

Email : oputils-support@manageengine.com

Join the OpUtils Community, to get instant answers for your queries, register with our Forum.