Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

 

How to monitor user activity in Windows computers

Tracking user activity or employee behavior on the organization's network reveals a lot about the employees- their attendance, logon and logoff time, active hours at work, critical file access on the file server, to unusual logons. User activity auditing provides proper evidence to spot miscreants and stop the organization falling prey to a potential cyberattack.

The following is a comparison between methods of getting and analyzing details about domain user activity using native auditing tools and ManageEngine's ADAudit Plus, a comprehensive real-time Active Directory auditing solution.

Download for FREE
Free, fully functional 30-day trial
  • With Native AD Auditing

  • With ADAudit Plus

  • Follow steps 1 and 2 given in the native auditing section to turn on Audit Policy and to enable logon-logoff auditing.

  • Login to ADAudit Plus web console as an administrator.

  • Click on the Reports tab. From the Local logon-logoff section in the left pane, select the Logon Activity report.

  • The Logon Activity report in ADAudit Plus shows the logon attempts, along with the username, logon time, name of the workstation, type of logon among other examples. how-to-monitor-windows-user-activity-5
  • Here are some of the limitations to generate a report of user activity in Active Directory using native auditing methods:
    1. Each domain controller shows a different logon time due to non-replication of data.

    2. It is a complex process to obtain the required data amidst the noise.

    3. It is difficult to generate the report for different time zones and date formats.

  • With ADAudit Plus, it is easy to understand user activity in Active Directory in just a few clicks, and it is displayed in a simple and intuitively designed UI. Real-time alerting for unusual activity, based on thresholds set by the organization, can identify and thwart potential insider cyberattacks on the organization.
  • Step 1: Enable Audit Policy
  • Go to Start -> All Programs -> Administrative tools

  • Open the Group Policy Management console.

  • Go to Forest -> Domain -> Your Domain -> Domain Controllers.

  • You can either edit an existing group policy object or create a new one.

  • In the Group Policy Management Editor, navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Logon/Logoff.

    how-to-monitor-windows-user-activity-1
  • Step 2: Enable logon-logoff
  • Go back to Computer Configuration. Navigate to Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policy -> Logon/Logoff.

  • Under that, enable Success and Failure auditing for Audit Logon, Audit Logoff, and Audit other logon/logoff events.

  • Open the Group Policy Management console and select the GPO that you have edited or created. Under Security Filtering, add the users whose logons need to be tracked. You can also choose to audit every domain user's logon by selecting All users. To audit a group of domain users, the specific group(s) can be added.

    how-to-monitor-windows-user-activity-2
  • Step 3: Use Active Directory Event Viewer to check the logs
  • Open Event Viewer and navigate to Windows logs -> Security.

  • Search for event IDs 4624 (Account was logged on), 4634 (Account was logged off), 4647 (user initiated logoff), 4800 (workstation was locked), and 4801 (workstation was unlocked).

    how-to-monitor-windows-user-activity-3
  • Click Filter Current Log on the right side to filter the logs based on event IDs or the time range for which the information is required.

    how-to-monitor-windows-user-activity-4

Does native auditing become a little too much?

Simplify distribution group auditing and reporting with ADAudit Plus.

Get Your Free Trial Fully functional 30-day trial

Request 1-on-1 demo

  •  
  •  
  •  
  •  
  •  
  • US
  • By clicking 'Submit' you agree to processing of personal data according to the Privacy Policy.

Thanks

One of our solution experts will get in touch with you shortly.

ADAudit Plus Trusted By

Back to Top