Figuring out logon sessions is one of the hardest things to do with the Windows security log and I get asked about this all the time: How do you figure out how long a user was actually logged in? When did they logon and when did they logoff? When was the system shutdown, asleep or the user away?
On the surface it seems so easy: get the logon event, link it to the logoff event with the logon ID value. Oh if only!
In this webinar, I will take you into a deep dive on logon session auditing and help you understand the difference between what’s logged on:
-
Domain controllers
-
Member servers
-
Workstations
I’ll explain the difference in how Windows logs events for
Also, I’ll cover things that muddy the waters like
This is going to be a really fun and super techie session. It’s sponsored by Quest Software (now part of Dell) and Alexey Korotich will briefly demonstrate new capabilities of the integrated solution from Dell based on InTrust and ChangeAuditor.
This is the real thing – don’t miss this real training for free ™!