Accepted Solutions
As you are aware and are probably already using the Windows events within Prognosis to monitor for the key login events.
"Windows Security Log Event ID 4624 which you can tie this event to logoff events 4634 and 4647 using Logon ID.. though I realize you are probably looking for the current users logged on.
The easiest way is to create a display using NTProcess, only include the field "username" and maybe "Busy %" and then do a Combine over the "Username" field and only show combined data. This will give you a list of all users logged in and running processes.. as if they are logged in they will be running 'something'.
Then you can filter out your service accounts for MSSQL, NTAUTHORITY, etc to get your users, usually the non-service accounts jump out like a sore thumb and you can flag them as such using a visual alert.
Christopher
Yes, super easy, have the node be "Entire Network" or the Nodegroup you desire.
Then display the meta ".Nodename" in the display.
As you are aware and are probably already using the Windows events within Prognosis to monitor for the key login events.
"Windows Security Log Event ID 4624 which you can tie this event to logoff events 4634 and 4647 using Logon ID.. though I realize you are probably looking for the current users logged on.
The easiest way is to create a display using NTProcess, only include the field "username" and maybe "Busy %" and then do a Combine over the "Username" field and only show combined data. This will give you a list of all users logged in and running processes.. as if they are logged in they will be running 'something'.
Then you can filter out your service accounts for MSSQL, NTAUTHORITY, etc to get your users, usually the non-service accounts jump out like a sore thumb and you can flag them as such using a visual alert.
Christopher
Yes, super easy, have the node be "Entire Network" or the Nodegroup you desire.
Then display the meta ".Nodename" in the display.
