How do I check the users that have logged in on the server in the last couple of weeks? I suppose Event Viewer, but where exactly?
Windows Server 2012 R2: how to monitor logons
windows-server-2012-r2
windows-server-2012-r2
How do I check the users that have logged in on the server in the last couple of weeks? I suppose Event Viewer, but where exactly?
Best Answer
It's all in the Security event log. Interactive logons, network logons, local logons, logons over RDP... whether your Security event log can store weeks worth of events depends on how busy your server is and how large your event log is configured to be.
http://blogs.msdn.com/b/ericfitz/archive/2008/08/20/tracking-user-logon-activity-using-logon-events.aspx
The three-digit event IDs are for old versions of Windows. The corresponding 4 digit event IDs are for newer (Vista+) versions of Windows.
You may also be interested in configuring Advanced Audit Policies:
https://technet.microsoft.com/en-us/library/ff182311(v=ws.10).aspx
They allow you to capture even more events with more granular detail than you do by default. But it is not necessary just to capture basic "a user just logged on" type events. But be careful about logging too much... excessive logging fills up your event log with clutter.
An event ID 4624 for example: