Announcement

Collapse
No announcement yet.

user login and logout monitor

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • user login and logout monitor

    Dear Sir's,

    i want to gather the all user login and logout times (desktops/laptops) in the domain

    in windows server 2012 standard we have hosted AD.and all client systems with windows 8.1 OS

    Please help on this


  • #2
    Group policy to enable auditing of account logons, plus possibly event forwarding to a central location
    will take you further
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Originally posted by Ossian View Post
      Group policy to enable auditing of account logons, plus possibly event forwarding to a central location
      will take you further

      It's worth noting that you need to collect these events from all the DCs in the domain, as users/computers may logon to different DCs, and these events are stored locally on each DC.
      Cheers,

      Daniel Petri
      Microsoft Most Valuable Professional - Active Directory Directory Services
      MCSA/E, MCTS, MCITP, MCT

      Comment


      • #4
        I've always liked the logon/log off script method.
        Someone has written a guide here.
        https://community.spiceworks.com/how...thout-software

        Microsoft has some extra variables to add to the above:
        https://support.microsoft.com/en-us/kb/556015
        2. Create a logon script on the required domain/OU/user account with the following content:
        echo %date%,%time%,%computername%,%username%,%sessionna me%,%logonserver% >>


        3. Create a logoff script on the required domain/OU/user account with the following content:
        echo %date%,%time%,%computername%,%username%,%sessionna me%,%logonserver% >>
        Please remember to award reputation points if you have received good advice.
        I do tend to think 'outside the box' so others may not always share the same views.

        MCITP -W7,
        MCSA+Messaging, CCENT, ICND2 slowly getting around to.

        Comment


        • #5
          Originally posted by uk_network View Post
          I've always liked the logon/log off script method.
          Someone has written a guide here.
          https://community.spiceworks.com/how...thout-software

          Microsoft has some extra variables to add to the above:
          https://support.microsoft.com/en-us/kb/556015
          2. Create a logon script on the required domain/OU/user account with the following content:
          echo %date%,%time%,%computername%,%username%,%sessionna me%,%logonserver% >>


          3. Create a logoff script on the required domain/OU/user account with the following content:
          echo %date%,%time%,%computername%,%username%,%sessionna me%,%logonserver% >>
          Sir,i added the script (https://community.spiceworks.com/how...thout-software) in GPO but no records are showing in computer,user folder

          updated GPO,restarted client machine,removed and added freshly the script in gpo but not worked
          Last edited by VMware; 18th August 2015, 06:44.

          Comment


          • #6
            Maybe you should post your script for us to have a look at.

            Comment


            • #7
              Sir,

              Please find the scripts
              Attached Files

              Comment


              • #8
                Originally posted by VMware View Post
                Sir,

                Please find the scripts
                Logon
                Code:
                rem The following line creates a rolling log file of usage by workstation  
                echo Log In %Date% %TIME% %USERNAME% >> \\172.16.30.5\Logons\Computer\%COMPUTERNAME%.log
                 
                rem The following line creates a rolling log file of usage by user  
                echo Log In %Date% %TIME% %COMPUTERNAME% >> \\172.16.30.5\Logons\User\%USERNAME%.log
                Logoff
                Code:
                  
                
                rem The following line creates a rolling log file of usage by workstation  
                echo Log Off %Date% %TIME% %USERNAME% >> \\172.16.30.5\Logons\Computer\%COMPUTERNAME%.log  
                
                rem The following line creates a rolling log file of usage by user  
                echo Log Off %Date% %TIME% %COMPUTERNAME% >> \\172.16.30.5\Logons\User\%USERNAME%.log
                Posted from the above TXT files so readers do not feel uncomfortable opening attached files.
                1 1 was a racehorse.
                2 2 was 1 2.
                1 1 1 1 race 1 day,
                2 2 1 1 2

                Comment


                • #9
                  Thanks Sir biggles77

                  Comment


                  • #10

                    Hello. as long as you added the script correctly to the GPO then I'd look at the path. \\172.16.30.5\Logons\User\ It may be worth sharing out the user directory and give then everyone group modify permissions to the share, in the sharing tab and also the security tabl So the new share may look like \\172.16.30.5\User$ The $ will make the share a hidden share. Then test again. I think (correct me if im wrong)this script will run under the computers local system account so that needs to be able to modify the above share.

                    Having looked again. You could just share the folder \\172.16.30.5\Logons\ and everyone to permissions to modify, and after some testing you can lock it down further.

                    Last edited by uk_network; 27th August 2015, 08:46.
                    Please remember to award reputation points if you have received good advice.
                    I do tend to think 'outside the box' so others may not always share the same views.

                    MCITP -W7,
                    MCSA+Messaging, CCENT, ICND2 slowly getting around to.

                    Comment

                    Working...
                    X