I've been trying for weeks to get an nDepth report created that shows ONLY interactive logons to servers by domain admins; it seems no matter what I do I get too little or too much data... I haven't been able to get a solution for this from LEM support either, so while we work on this I figured I'd try posting here to see if anyone has done anything similar and can offer any suggestions as to report logic.
To be clear, the goal is this: I want to know whenever any domain admin logs onto a server by RDP, physical server console, Citrix, etc..
I've been playing with some reports filtering them on:
User.Logon,DestinationAccount Contains Domain Admins
AND
UserLogon.LogonType = Windows: Interactive (this returns way too much)
and various other Windows logon types..but nothing is returning what I want to see. I'm sure someone else must have written similar reports, anyone have any suggestions?
-Keith