Troy: Out of curiosity, how many domain controllers do you have in your environment? Logon events are housed on each domain controller, so you had to have made this change on each DC in your environment. If you have only one or two that’s not a big deal, my environment has 40 around the world so not sure that solution would work in that case unless its a file that can be easily copied across and maintained. Ryan -----Original Message----- From: Blind-sysadmins <blind-sysadmins-bounces@lists.hodgsonfamily.org> on behalf of Troy Hergert <thergert@vision-forward.org> Reply-To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Date: Tuesday, April 26, 2016 at 10:30 AM To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Subject: Re: [Blind-sysadmins] Active Directory auditing
I wanted to thank everyone again for their suggestions of third party software for active directory auditing. Because our needs are very simple I was able to find ways to pull the information I needed directly out of the server event viewer. Just wanted to give you a summary of what I did.
Print jobs: I found the print server job log by drilling down deep into the applications and services group. This was not enabled by default, so I enabled it and was able to filter the log file by the ID number of a successful print job. I was then able to save the filtered log file into a csv file. This enabled me to see which users have sent jobs to which printers.
User logons: this was a bit more challenging I did some searching on this topic and found that I needed to paste in some xml code to filter the log file by a specific users logon events. This was a bit more challenging but it works. If anyone else would like to know how all this worked for me, feel free to Email me. Thanks again.
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins