Forum Discussion

iq's avatar
iq
Copper Contributor
Nov 06, 2022

Auditing user activity across Enterprise servers

Hello Experts ,

We have been noticing some users are using shared service accounts to perform some activities which need to be traced and tracked for auditing.
I am looking for help with a Powershell script which lets me see all the users connected across the Network of servers. Please let me know if there is any such script which I can use or may be tweak a little bit.

Regards
Faiz

We need a simple report like

User ID, Session_ID , Local Client_Host_ID, Remote Server_ID_Connected to, brief_descp_Activity performed

  • You can find a lot of things in the security logs of your Domain Controller and the local security log of the remote server. But that's mainly logon events by default, you have to enable object access logging to see what things they are doing using the service account.

    But are you preventing the usage of those service accounts? You can restrict them to only log on to certain computer accounts for example.

Resources