This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Community FAQ
Register | Log In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- Report on Priveleged User Logons
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-18-2015 10:53 AM
Hi,
This may have been answered before but I cannot find any recent posts for it. We are scanning the audit logs of servers and I am wanting to report on when and who logged onto a server with a privileged account.
This may have been answered before but I cannot find any recent posts for it. We are scanning the audit logs of servers and I am wanting to report on when and who logged onto a server with a privileged account.
Solved! Go to Solution.
Labels:
- Labels:
-
Report Center
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-28-2015 11:43 AM
After enabling logon auditing on computers in your network and enabling the scan of Audit success and Audit Failure events on your Lansweeper web console under Configuration\Server options, section Eventlog scanning, the following report lists logon events with special privileges:
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.IPAddress,
tsysOS.OSname,
tsysOS.Image As icon,
tblNtlog.Eventcode,
tblNtlog.TimeGenerated,
tblNtlogFile.Logfile,
tblNtlogSource.Sourcename,
tblNtlogMessage.Message
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tsysOS On tblAssets.OScode = tsysOS.OScode
Inner Join tblNtlogFile On tblNtlogFile.LogfileID = tblNtlog.LogfileID
Where tblNtlog.Eventcode =4672 And tblAssetCustom.State = 1
Order By tblNtlog.TimeGenerated Desc
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-28-2015 11:43 AM
After enabling logon auditing on computers in your network and enabling the scan of Audit success and Audit Failure events on your Lansweeper web console under Configuration\Server options, section Eventlog scanning, the following report lists logon events with special privileges:
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.IPAddress,
tsysOS.OSname,
tsysOS.Image As icon,
tblNtlog.Eventcode,
tblNtlog.TimeGenerated,
tblNtlogFile.Logfile,
tblNtlogSource.Sourcename,
tblNtlogMessage.Message
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tsysOS On tblAssets.OScode = tsysOS.OScode
Inner Join tblNtlogFile On tblNtlogFile.LogfileID = tblNtlog.LogfileID
Where tblNtlog.Eventcode =4672 And tblAssetCustom.State = 1
Order By tblNtlog.TimeGenerated Desc
Reports & Analytics
Ask about reports you're interested in and share reports you've created. Subscribe to receive daily updates of reports shared in the Community.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- CMDB questions last logged on vs owner in General Discussions
- Create Report : Audit VMs Last Logon > 90Days in Reports & Analytics
- help by creating a report "list last logon user by location on date X" in Reports & Analytics
- Last Logon Report that includes all Windows devices? in Reports & Analytics
- Add Logon Script Field to AD User attributes Report in Reports & Analytics
