Audit Users
IT Asset Tool can monitor access to the Users Event. It is important to maintain the security of the server and the client. The audit must be done after setting the login / logout event log by means of a GPO. (See F.A.Q.)
IT Asset Tool can monitor and log user access. The audit must be done after setting up the log of login/logout events by means of a GPO. (see F.A.Q.)
IT Asset Tool detects the following events in each monitored system.
Id | Description |
528 | Successful Logon |
529 | Logon Failure - Unknown user name or bad password |
538 | User Logoff |
551 | User initiated logoff |
644 | User Account Locked Out |
4624 | An account was successfully logged on |
4625 | An account failed to log on |
4634 | An account was logged off |
4647 | User initiated logoff |
4720 | A user account was created |
4722 | A user account was enabled |
4723 | An attempt was made to change an account's password |
4724 | An attempt was made to reset an account's password |
4725 | A user account was disabled |
4726 | A user account was deleted |
4727 | A security-enabled global group was created |
4728 | A member was added to a security-enabled global group |
4729 | A member was removed from a security-enabled global group |
4730 | A security-enabled global group was deleted |
4740 | An account was successfully logged on |
4767 | A user account was unlocked |
When filtering reports, it is possible to insert such administrator users from the "Config" menu:
The audit Users can be done by inserting the new optional parameter "admin" follow the client guide or in the case of an agent less installation the configuration is done in fully automatic mode thanks to the initial Wizard.