Q. How can I view my Windows Server 2008 and Windows Vista accounts' last-logon information?

A. In Server 2008 domain mode, you access Group Policy settings to enable the last-user logon and any unsuccessful attempts. You can find the setting by opening Computer Configuration, selecting Policies, and clicking Administrative Templates. Next select Windows Components, then Windows Logon Options. Finally, enable the "Display information about previous logons during user logon." You must apply this setting to both domain controllers (DCs) and the client machines you want to display last-logon information.

The first time a user logs on, he or she will see a dialog box stating that it’s the first time the user has interactively logged on to the account. On subsequent logons more information is displayed.

The actual logon information is stored with the user object. The values are

  • msDS-LastSuccessfulInteractiveLogonTime - The last successful interactive logon
  • msDS-LastFailedInteractiveLogonTime - The last failed interactive logon
  • msDS-FailedInteractiveLogonCount - The total number of failed interactive logons recorded since the time logon logging was enabled
  • msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon - The total number of failed interactive logons recorded since the last successful interactive logon

If you have read-only domain controllers (RODCs), the changes are written changes to the RODC and the closest writable DC.
TAGS: Windows 8
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish