I'm currently running UDT version 3.0.2 and it's been great for seeing when people logged in, and tracing back machines to individual switch ports. My question is why does it show that I have logged into a large number of machines that I never accessed? I am a domain admin, but I haven't accessed any shares on these other machines, or opened an RDP session to them. I have noticed this same behavior for several users throughout our organization, including people who are not domain admins. Here is a sample screen shot of what I'm seeing:
I have masked the machine names, but only one of the machines listed on this page is mine. The others are random laptops, and desktops that I have not accessed. I thought UDT was reading the Event Viewer logs from the AD domain controllers to determine logon information. Is it getting this data from somewhere else, or am I missing something here?
Any insight would be greatly appreciated.
you are right - we poll event logs and whatever is in your controllers gets polled, so you may want to check what is in there...
Sometimes we are being asked why Log Ins resources are showing also data like you are seeing, and usually the answer is: servers (like patching server...) connecting to your machine. Since you have described these "users" as PCs and not in connection to your endpoint, I really think the problem is on the controller side ( event log)..