User Logon Tracking / History

  • User Logon Tracking / History

    Hello,
    I have been trying to find a way to track users' logon history, either with 3rd party software or with MS. Does anyone know how to find out the last time a user logged on successfully and what times the user logged off, and keep a history up to a time specified? I know the event viewer has a lot of information on this, but it is almost impossible to track a single user's activity when you have many users logging in and out and the event viewer creates many entries for each user's logon and logoff sessions. Novell gives you a simple history screen for each user right in active directory, I wish Microsoft did the same in the Active Directory Users and Computers.

    Thank you,

  • #2
    Re: User Logon Tracking / History

    Microsoft doesn't provide such a method.
    As a workaround you can create a logon/logoff script that generates output to a txt file or maybe a csv file.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: User Logon Tracking / History

      Maybe this will help:

      http://forums.petri.com/showthread.p...gon+batch+file

      Michael
      Michael Armstrong
      www.m80arm.co.uk
      MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

      ** Remember to give credit where credit is due and leave reputation points where appropriate **



      • #4
        Re: User Logon Tracking / History

        You can do this very easily without investing in any 3rd party software by using a login script that writes logins into a CSV file (and that is, of course, if you are too lazy to track Windows logon events in the DC event log).

        Here is a sample of such a script that dumps it into a CSV file...

        --------------------------------------------------------------------------------------------

        On Error Resume Next

        Set wn = WScript.CreateObject("WScript.Network")
        Set WshShell = WScript.CreateObject("WScript.Shell")
        Set fso = WScript.CreateObject("Scripting.FileSystemObject")
        '--------------------------------------------------------------------------
        'Connect to the WMI locator on the local computer
        strComputer = "."
        Set objWMIService = GetObject("winmgmts:" _
            & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
        Set colOperatingSystems = objWMIService.ExecQuery _
            ("Select * from Win32_OperatingSystem")
        'Win32_LogicalMemoryConfiguration is not available on newer Windows versions,
        'where the memory column stays empty
        Set colmem = objWMIService.ExecQuery _
            ("Select * from Win32_LogicalMemoryConfiguration")
        Set colproc = objWMIService.ExecQuery _
            ("Select * from Win32_Processor")
        Set IPConfigSet = objWMIService.ExecQuery _
            ("Select IPAddress from Win32_NetworkAdapterConfiguration where IPEnabled=TRUE")
        Set MACconf = objWMIService.ExecQuery _
            ("Select * from Win32_NetworkAdapterConfiguration where IPEnabled=True")

        '--------------------------------------------------------------------------
        'Connect to the user/computer object in the domain
        MUser = WshShell.ExpandEnvironmentStrings("%USERNAME%")
        MComputer = WshShell.ExpandEnvironmentStrings("%computername%")
        WinDir = WshShell.ExpandEnvironmentStrings("%SystemRoot%")
        MDomain = "DomainName"   'replace with your own domain name
        Set usr = GetObject("WinNT://" & MDomain & "/" & MUser & ",user")
        '--------------------------------------------------------------------------
        'Gather OS, service pack information, processor, memory, MAC address, IP address
        Dim OS, ServicePack, Colmemory, processor, macaddr, ipaddr

        For Each objOperatingSystem In colOperatingSystems
            OS = objOperatingSystem.Caption
            ServicePack = objOperatingSystem.ServicePackMajorVersion & "." & objOperatingSystem.ServicePackMinorVersion
        Next

        For Each mem In colmem
            Colmemory = mem.TotalPhysicalMemory
        Next

        For Each proc In colproc
            processor = proc.CurrentClockSpeed
        Next

        For Each IPConfig In IPConfigSet
            If Not IsNull(IPConfig.IPAddress) Then
                For i = LBound(IPConfig.IPAddress) To UBound(IPConfig.IPAddress)
                    If IPConfig.IPAddress(i) <> "0.0.0.0" Then
                        'Separate multiple addresses with a space so they do not run together
                        ipaddr = Trim(ipaddr & " " & IPConfig.IPAddress(i))
                    End If
                Next
            End If
        Next

        For Each IPConfig In MACconf
            macaddr = IPConfig.MACAddress
        Next
        '--------------------------------------------------------------------------
        'Append the user and computer data to the shared log file
        Const ForAppending = 8
        Dim LogFile
        Set LogFile = fso.OpenTextFile("\\server\LoginData$\Users_login.csv", ForAppending, True)
        'The OS caption can contain a comma, so it is written in double quotes
        LogFile.WriteLine MComputer & "," & MUser & "," & Chr(34) & OS & Chr(34) & "," & ServicePack _
            & "," & processor & "," & Colmemory & "," & ipaddr & "," & macaddr & "," & Time & "," & Date
        LogFile.Close
        '--------------------------------------------------------------------------


        hope that helps....
        Yaniv Feldman
        Microsoft Security Regional Director
        Microsoft Management Expert
        MCSA, MCSE, MCT
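
Added example, not part of the thread or the poster's code: a Python reader for the CSV that the logon script in #4 appends to, returning one user's logon history and setting aside lines that do not parse. The sample rows are constructed, the field names are labels chosen here, and the Time/Date columns are assumed to be in US-English format; because every user must be able to append to the share, rejected lines are worth reviewing rather than discarding.

```python
import csv
from datetime import datetime

# Column order of the WriteLine call in the logon script above (labels chosen here).
FIELDS = ["computer", "user", "os", "sp", "cpu_mhz", "memory",
          "ip", "mac", "time", "date"]

# Constructed sample rows, not real data. Assumes US-English Time/Date output.
SAMPLE = """\
PC-011,alice,Microsoft Windows XP Professional,3.0,2400,2096620,192.168.1.21,00:11:22:33:44:55,8:02:11 AM,3/4/2010
PC-014,bob,Microsoft Windows XP Professional,3.0,2400,1048000,192.168.1.34,00:11:22:33:44:66,8:15:40 AM,3/4/2010
PC-011,alice,Microsoft Windows XP Professional,3.0,2400,2096620,192.168.1.21,00:11:22:33:44:55,7:58:03 AM,3/5/2010
SRV-02,alice,Microsoft(R) Windows(R) Server 2003, Standard Edition,2.0,3000,4194000,192.168.1.5,00:11:22:33:44:77,9:30:00 PM,3/5/2010
PC-014,bob,Microsoft Windows XP Pro
"""

def parse_log(text):
    """Return (records, rejected_lines) from the raw CSV text."""
    records, rejected = [], []
    for row in csv.reader(text.splitlines()):
        if not row:
            continue
        extra = len(row) - len(FIELDS)
        if extra > 0:  # assume extra commas come from an unquoted OS caption
            row = row[:2] + [",".join(row[2:3 + extra])] + row[3 + extra:]
        try:
            if len(row) != len(FIELDS):
                raise ValueError("wrong column count")
            rec = dict(zip(FIELDS, row))
            rec["when"] = datetime.strptime(
                rec["date"] + " " + rec["time"], "%m/%d/%Y %I:%M:%S %p")
        except ValueError:
            rejected.append(",".join(row))  # truncated or tampered line
            continue
        records.append(rec)
    return records, rejected

def logon_history(records, user):
    """Logons of one user, oldest first, as (when, computer, ip)."""
    hits = [r for r in records if r["user"].lower() == user.lower()]
    hits.sort(key=lambda r: r["when"])
    return [(r["when"], r["computer"], r["ip"]) for r in hits]

if __name__ == "__main__":
    records, rejected = parse_log(SAMPLE)
    for when, computer, ip in logon_history(records, "alice"):
        print(when, computer, ip)
    print("rejected lines:", rejected)
```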
