We are running securid v8.2 Sp1 Patch 3 and Windows agents 7.3.3. We are using challenge groups in AD to identify RSA users with tokens, but we need to identify any user that is trying to authenticate to the servers that does not have a token or is not a member of the challenge groups. Where is this information located and how do we access it?
In both the local Windows Event logs and if you configure verbose logging for the agent
the trace.log should show who was challenged and who was not.