# Log of IP addresses accessing Windows 2012 Server



## paul_carron (Oct 15, 2006)

Hi,

Is there any history or log on a Windows 2012 Server that will detail IP addresses that connected to the server? I've noticed a few pretty serious changes to settings on the server. Unfortunately the whole team uses the same logon(a problem I know) so I want to trace the IP address. I know the date and time the change was made so if I can get the IP address of any device that was connected at that time I think I'll know who made the changes.

Cheers
Paul


----------



## lunarlander (Sep 22, 2007)

If you have enabled logging for "Audit account logon events" and "Audit logon events" in Local Security Policies > Local Policies > Audit policy. Then any account logon will generate an event viewer log entry. 

In Event Viewer, create a custom view and filter for Event ID's 4624,4636,4803,4801. These are all logon events. Then hunt for Logon Type: 3 manually, ( type 3 means network logon ) and you will see Source Network Address in the same log entry.


----------

