Linking Logon to Logoff and Everything in Between with the Windows Security Log

Webinar Registration

Figuring out logon sessions is one of the hardest things to do with the Windows security log and I get asked about this all the time: How do you figure out how long a user was actually logged in? When did they logon and when did they logoff? When was the system shutdown, asleep or the user away?
 
On the surface it seems so easy: get the logon event, link it to the logoff event with the logon ID value. Oh if only!
 
In this webinar, I will take you into a deep dive on logon session auditing and help you understand the difference between what’s logged on:
  • Domain controllers
  • Member servers
  • Workstations
I’ll explain the difference in how Windows logs events for
  • Interactive logons at the console
  • Network logon sessions for shared folder access
  • Remote desktop sessions
  • Service logons
  • Batch logons
Also, I’ll cover things that muddy the waters like
  • Password protected screen savers
  • Hibernation and sleep
  • Remote desktop disconnects and reconnects
  • Normal shutdowns
  • Sudden power downs
This is going to be a really fun and super techie session.  It’s sponsored by Quest Software (now part of Dell) and Alexey Korotich will briefly demonstrate new capabilities of the integrated solution from Dell based on InTrust and ChangeAuditor.
 
This is the real thing – don’t miss this real training for free ™!
 
First Name:   
Last Name:   
Work Email:  
Phone:  
Job Title:  
Organization:  
Country:    
Address:  
City:  
State:  
Zip/Postal Code:  
Organization Type :
 

Your information will be shared with the sponsor.


 

 

Additional Resources