Are there any kind of logs per user account, for eg: hours logged in, etc.
Or any kind of third party software's to analyze software usage patterns per user account on Windows Server 2008 R2
Asked
Active
Viewed 126 times
1 Answers
1
The logs exist, but they require 3rd party abstraction tools to get at. On individual workstations, if you analyze the Security log you can associate login and logout events to extract a login-duration statistic. The Login/logout events on the Domain Controller are for the individual session that user had with that specific DC, presumably pulling things down like GPOs and other items.
As for software usage, this can also be abstracted out of Windows Eventlogs, but it requires special config and parsing. It requires turning on Process Tracking, and will create VERY large logs on each workstation. You'll then need to extract and analyze those logs to abstract out software usage patterns.
It isn't easy.
sysadmin1138
- 133,124
- 18
- 176
- 300
-
any third party tools that you would like to recommend – rzlines Sep 15 '10 at 17:52
-
1Seconded. It's difficult enough to be near impossible, unless you can seriously restrict your scope. @rzlines, what problem are you trying to solve? Think of it from the business perspective, not IT. – mfinni Sep 15 '10 at 17:53
-
1@rzlines I don't work with that kind of tool, so don't have any exposure. Splunk (see ads on this site) can do at least the user-login associations, but you'll need to add each and every workstation into its domain. Don't know if it can do the software abstraction you need. It will be VERY expensive. – sysadmin1138 Sep 15 '10 at 17:59
-
1Depending on the scenario - this can be implemented a little easier in a TS/Citrix environment. – mfinni Sep 15 '10 at 19:07
-
1Very true! Run more than one end-user session on the same box, only have to monitor one set of event logs. – sysadmin1138 Sep 15 '10 at 19:30