Archive

Tracking Physical Presence with the Windows Security Log


How do you figure out when someone was actually logged onto their PC? By “logged onto” I mean, physically present and interacting with their computer. The data is there in the security log, but it’s so much harder than you’d think. First of all, while I said it’s in the security log, I didn’t say which one. The bad news is, it isn’t in the domain controller log. Domain controllers know when you logon, but they don’t know when you logoff. This is because domain controllers just handle initial authentication to the domain and subsequent authentications to each computer on the network.

See EventTracker in action!

See EventTracker in action!

Join our next live demo November 5th at 2:00 p.m. EST.

REGISTER HERE