Direct Inward Dialing: +1 408 916 9892
ADAudit Plus is a comprehensive Active Directory auditing solution that will help you monitor, and audit local logon and logoffs by domain users. It can also track other critical events that can lead to network disruptions. Using ADAudit Plus, you can keep a track of startups and shutdowns in all the computers within your domain.
The pre-built reports of the solution that provide the details on computer startups and shutdowns can be automatically generated and emailed to you at specified intervals. You can also export these reports to a format of your choice. Here is how you can access the computer startup and shutdown reports using ADAudit Plus:
Login to ADAudit Plus → Go to the Reports tab → Under Local Logon-Logoff Reports → navigate to the Computer Startup and Shutdown report.
You can also track when a computer was last started up and shut down using the "Computer Last Startup and Shutdown " report. This report can provide details regarding who performed the action, when it occurred and the process that triggered the startup or shutdown.
Login to ADAudit Plus → Go to the Reports tab → Under Local Logon-Logoff Reports → navigate to the Computer Startup and Shutdown report.
With native AD auditing, here is how you can monitor the computer startups and shutdowns:
Launch 'Server Manager' in your Windows Server instance.
Under Manage, select 'Group Policy Management' and launch the Group Policy Management console.
Navigate to Forest --> Domain --> Your domain --> Domain Controllers.
Create a new GPO and link it to the domain containing the computer object, or edit any existing GPO that is linked to the domain to open the 'Group Policy Management Editor'.
Navigate to Computer Configuration -> Windows Settings -> Security Settings ->Local Policies -> Audit Policy.
Under Audit Policy, select 'Audit system events' and turn auditing on for both Success and Failure events.
Now, navigate to Computer Configuration -> Windows Settings -> Security Settings ->Advanced Audit Policy Configuration -> System Audit Policies - Local Group Policy Object -> System.
Under System, enable auditing for 'Audit Security State Change', (Turn on auditing for both successes and failures).
Every time a user starts or shuts down a computer, an event log will be recorded in the Event Viewer. These event logs can be used to track computer active hours. To view these audit logs, go to the Event Viewer. Under Windows Logs, select System. You can find all the audit logs in the middle pane as displayed below.
To filter the event logs to view just the logs associated with computer startup and shutdown, select 'Filter Current Log' from the right pane. Simply search for the event ID 6005 (Computer was started), 6006 (Computer was shut down). You can see when the computer was started up and shut down.
Using this information, you can identify when a computer was shut down or started up. This process needs to be repeated several times if you want to monitor multiple devices.
Native auditing becoming a little too much?
Simplify computer startup and shutdown auditing and reporting with ADAudit Plus.
Get Your Free Trial Fully functional 30-day trial