Is there a way to find out when user XXX logged in and out from WinXP on e.g. last Tuesday ?

I could imagine that there is an event log entry written.
However I do not see it. Do I have to enable "User logon/logoff event log records" somewhere ?

If these kind of events are not logged: Is there another way (work around) to write
(automatically) event log records (in the future) when users log off?

How can I (as normal user) write easily log records into the system log (e.g. from command line)?

Martin

"Martin Caldwell" > wrote in message
...
> Is there a way to find out when user XXX logged in and out from WinXP on
> e.g. last Tuesday ?
>
> I could imagine that there is an event log entry written.
> However I do not see it. Do I have to enable "User logon/logoff event log
> records" somewhere ?
>
> If these kind of events are not logged: Is there another way (work around)
> to write
> (automatically) event log records (in the future) when users log off?
>
> How can I (as normal user) write easily log records into the system log
> (e.g. from command line)?
>
> Martin
>
These events are logged in the security event logger file.
Jim

"Martin Caldwell" > wrote in message
...
> Is there a way to find out when user XXX logged in and out from WinXP on e.g.
> last Tuesday ?
>
> I could imagine that there is an event log entry written.
> However I do not see it. Do I have to enable "User logon/logoff event log
> records" somewhere ?
>
> If these kind of events are not logged: Is there another way (work around) to
> write
> (automatically) event log records (in the future) when users log off?
>
> How can I (as normal user) write easily log records into the system log (e.g.
> from command line)?
>
> Martin
>


If you're running Windows XP Home Edition go to Start -> Control Panel ->
Administrative Tools and open up the Event Viewer. Note: You can also launch
Event Viewer by entering eventvwr.msc in the Start -> Run box. In the left hand
column of Event Viewer, click on Security. In the right hand pane, click on the
User column. Scroll down to the user name in question and look for successful
Logon/Logoff events.

If you're running XP Professional, you'll have to enable auditing of logon
events. You can do that through the local security policy. Once this is done
you'll be able to view future logon events in Event Viewer using the procedure
outlined above.

Go to Start -> Control Panel -> Administrative Tools and double click on Local
Security Policy.
In the Local Security Policy editor, navigate to this policy.

Security Settings\Local Policies\Audit Policy

In the right hand pane, right click on Audit logon events.
Select Properties from the menu.
Put a check mark in the box next to both Success and Failure.
Click OK.

Keep in mind that if you're running XP Professional, enabling auditing of logon
events at this time will not allow you to view any activity that happened in the
past. It will start recording future logon events. Also, you may have to
increase the size of the log file to see all audited events if there are several
users for this machine. The log size can be changed by right clicking on
Security in the left hand pane and selecting Properties from the menu. The
default is 512KB.

For more info, take a look at these articles.

Audit Policy Settings
http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/xpsgch03.mspx#ETE

How To Enable Security Auditing in Windows XP Pro
http://netsecurity.about.com/cs/tutorials/ht/ht040503.htm

Good luck

Nepatsfan

Enable Auditing:
Control Panel - Administrative Tools - Local Security Policy - Local
Policies (expand it) - Audit Policy - Audit Account Logon Events (enable
both Success and Failure attempts)

Restart.

"Martin Caldwell" > wrote in message
...
> Is there a way to find out when user XXX logged in and out from WinXP on
> e.g. last Tuesday ?
>
> I could imagine that there is an event log entry written.
> However I do not see it. Do I have to enable "User logon/logoff event log
> records" somewhere ?
>
> If these kind of events are not logged: Is there another way (work around)
> to write
> (automatically) event log records (in the future) when users log off?
>
> How can I (as normal user) write easily log records into the system log
> (e.g. from command line)?
>
> Martin
>