I'm currently running UDT version 3.0.2 and it's been great for seeing when people logged in, and tracing back machines to individual switch ports. My question is why does it show that I have logged into a large number of machines that I never accessed? I am a domain admin, but I haven't accessed any shares on these other machines, or opened an RDP session to them. I have noticed this same behavior for several users throughout our organization, including people who are not domain admins. Here is a sample screen shot of what I'm seeing:
I have masked the machine names, but only one of the machines listed on this page is mine. The others are random laptops, and desktops that I have not accessed. I thought UDT was reading the Event Viewer logs from the AD domain controllers to determine logon information. Is it getting this data from somewhere else, or am I missing something here?
Any insight would be greatly appreciated.