Auditing user activity across Enterprise servers


Hello Experts,

We have been noticing some users are using shared service accounts to perform some activities which need to be traced and tracked for auditing.
I am looking for help with a PowerShell script which lets me see all the users connected across the network of servers. Please let me know if there is any such script which I can use or maybe tweak a little bit.

Regards
Faiz

We need a simple report like

User ID, Session_ID, Local Client_Host_ID, Remote Server_ID_Connected to, brief_descp_Activity performed

4 Replies
You can find a lot of things in the security logs of your Domain Controller and the local security log of the remote server. But that's mainly logon events by default; you have to enable object access logging to see what things they are doing using the service account.

But are you preventing the usage of those service accounts? You can restrict them to only log on to certain computer accounts for example.

@Harm_Veenstra We are not restricting it but would like to know if users are using the access to do something they should not be doing. Is there any PowerShell script or any other script I can use to check this?

I wrote a blog about how to gather security events on domain controllers, https://powershellisfun.com/2022/07/19/retrieve-security-events-from-active-directory-using-powershe... and perhaps you can expand on that? It searches for certain events. If you audit logon events, you should be able to gather information about that (you can add more event IDs to search for).
Did you manage to create the report?
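
An added example, not part of any post in this thread and not the script from the linked blog: one way to build the logon part of the requested report by reading successful-logon events (ID 4624) from each server's Security log and keeping only the shared service accounts. The server names, account names and output path are assumptions; the "activity performed" column is not covered, since that needs the object access auditing mentioned in the first reply.

```powershell
# Assumed values: replace with your own servers and shared service accounts.
$Servers         = @('SRV01', 'SRV02')          # hypothetical server names
$ServiceAccounts = @('svc_app', 'svc_backup')   # hypothetical account names
$Since           = (Get-Date).AddDays(-1)       # look back 24 hours

# Readable names for the most common 4624 logon types
$LogonTypes = @{ 2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'; 10 = 'RemoteInteractive' }

$report = foreach ($server in $Servers) {
    try {
        # Reading the Security log remotely requires suitable rights on the target
        $events = Get-WinEvent -ComputerName $server -ErrorAction Stop -FilterHashtable @{
            LogName = 'Security'; Id = 4624; StartTime = $Since
        }
    }
    catch {
        # Also reached when the server simply has no matching events
        Write-Warning "No 4624 events read from ${server}: $($_.Exception.Message)"
        continue
    }

    foreach ($evt in $events) {
        # Turn the named <Data> fields of the event into a lookup table
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        if ($ServiceAccounts -notcontains $data['TargetUserName']) { continue }

        [pscustomobject]@{
            TimeCreated = $evt.TimeCreated
            UserId      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            SessionId   = $data['TargetLogonId']      # logon ID, ties later events to this session
            ClientHost  = $data['WorkstationName']    # may be empty for some logon types
            ClientIp    = $data['IpAddress']
            Server      = $server
            LogonType   = $LogonTypes[[int]$data['LogonType']]
        }
    }
}

$report | Sort-Object TimeCreated |
    Export-Csv -Path .\ServiceAccountLogons.csv -NoTypeInformation
```

The `SessionId` value (TargetLogonId) is what lets you correlate a logon with object access events recorded later in the same session, once that auditing is enabled.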