Logs local administrators user in all pc


  • Logs local administrators user in all pc

    Please help me to find a vbscript / batch to:

    1: Log all local administrators per pc.

    The output will be saved on a hidden network share with a filename hostname+IPaddress.txt.


    Thanks and God bless

  • #2
    Re: Logs local administrators user in all pc

    If the clients have dynamic IP Addresses then I would not choose a filename like: hostname+IPaddress.txt
    You'll get several files with hostname and different IP.

    You can run the batch as a computer startup script, or a user logon script.
    If running it when the user logs on, you can also log the username.

    sample:
    Code:
    @echo off
    
    ::Get IP address
    For /f "tokens=2 delims=[]" %%* in ('ping.exe %computername% -n 1 -w 1') Do set strIP=%%*
    
    ::Get date stamp
    for /f "tokens=2-4 skip=1 delims=(-./)" %%i in ('echo.^|date') do (
       for /f "tokens=1-4 delims=-./ " %%m in ('date /t') do (
          (set dow=%%m)&(set %%i=%%n)&(set %%j=%%o)&(set YYYY=%%p)
       )
    )
    ::Divide the current time into time parts: HH, NN, SS and Sd
    For /F "tokens=1-4 delims=:., " %%i in ('echo.%time%') Do (
       (Set HH=0%%i)&(set NN=%%j)&(set SS=%%k)&(Set Sd=%%l)
    )
    Set "HH=%HH:~-2%"
    
    Set "datestamp=%YYYY%-%MM%-%DD%"
    ::NN is minutes
    Set "timestamp=%HH%,%NN%,%SS%"
    
    
    >"path\%computername%.txt" (
      echo.%datestamp% %timestamp% %computername% [%strIP%]
      echo.
      net localgroup Administrators | Find /v "---"
      echo.*********************************************
      echo.logged-on user: %username%
    )
    Use quotes around the path\filename.
    Change the single > to >> if you want to append data to the file.
    When leaving it as a single >, the file will be overwritten with new data at every logon.

    A quick way to echo date and time would be
    echo.%date% %time%
    But in the batch I preferred to use a date/time stamp (you can use this format in the filename if you like).


    \Rems
    Last edited by Rems; 13th September 2008, 13:24. Reason: corrected double using the variablename MM

    This posting is provided "AS IS" with no warranties, and confers no rights.

    __________________

    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts



    • #3
      Re: Logs local administrators user in all pc

      Thanks Mod Rems

      I will give it a try.



      • #4
        Re: Logs local administrators user in all pc

        Mod Rems

        It WORKS!!!
        Like you said, I modified the path name and %datestamp% to %date%

        Thanks for your help, buddy



        • #5
          Re: Logs local administrators user in all pc

          Glad to help, totoy bato

          I edited the batch a little to make it run faster.
          I changed the line:
          Code:
          ::Get IP address
          For /f "tokens=2 delims=[]" %%* in ('ping.exe %computername%') Do set strIP=%%*
          To
          Code:
          ::Get IP address
          For /f "tokens=2 delims=[]" %%* in ('ping.exe %computername% -n 1 -w 1') Do set strIP=%%*

          If you prefer to use %date% and %time% and not %datestamp% and %timestamp%, then you can skip the green colored code from the batch.


          \Rems



          • #6
            Re: Logs local administrators user in all pc

            Mod Rems,

            My boss wants all the logs to be transferred to one Excel file.
            Is this possible?



            • #7
              Re: Logs local administrators user in all pc

              How about a CSV-file, you can open it with Excel

              Code:
              :: This logon batch lists the
              :: members of the local group Administrators.
              :: Note: unresolvable SIDs can slow down the run;
              ::       unresolved SIDs are not shown in the list.
              ::

              @echo off
              setlocal ENABLEDELAYEDEXPANSION

              :: The folder must exist.
              Set "exportfile=c:\test\%computername%-log.csv"
              
              :: Get IP address
              For /f "tokens=2 delims=[]" %%* in ('ping.exe %computername% -n 1 -w 1') Do set strIP=%%*
              
              :: Get date stamp
              for /f "tokens=2-4 skip=1 delims=(-./)" %%i in ('echo.^|date') do (
                 for /f "tokens=1-4 delims=-./ " %%m in ('date /t') do (
                    (set dow=%%m)&(set %%i=%%n)&(set %%j=%%o)&(set YYYY=%%p)
                 )
              )
              :: Divide the current time into time parts: HH, NN, SS and Sd
              For /F "tokens=1-4 delims=:., " %%i in ('echo.%time%') Do (
                 (Set HH=0%%i)&(set NN=%%j)&(set SS=%%k)&(Set Sd=%%l)
                 Set "HH=!HH:~-2!"
              )
              
              :: Determine local Admins
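              :: (lines after the dashed separator are members; each one is appended
              ::  one pass late, so the final status line is never added to the list)
              For /f "delims=" %%* in ('Net.exe localgroup Administrators') Do (
               If NOT [!catch!]==[] (
                 If NOT [!Member!]==[] (
                   Set ListAdmins=!ListAdmins!,!Member!)
                 Set "Member=%%*"
               ) ELSE (echo.%%* | find "------ ">nul &&Set catch=nowdefined)
              )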
              (Set ListAdmins="%ListAdmins:~1%")
              
              
              If NOT Exist "%exportfile%" (
                >"%exportfile%" (echo.date (ymd^),time,computername,ip,current user,Local Administrators)
              )
              
              >>"%exportfile%" (
                echo.%YYYY%%MM%%DD%,%HH%:%NN%:%SS%,%computername%,%strIP%,%username%,%ListAdmins%
              )
              Endlocal
              echo.Done
              \Rems
              Last edited by Rems; 13th September 2008, 14:53.



              • #8
                Re: Logs local administrators user in all pc

                Hello Mod Rems

                I changed the logs to a filename rather than %computername%

                eg.
                Set "exportfile=r:\localadmins-log.csv" (r:\ is a mapped drive)
                It appends all the computers with local admin rights to that .CSV file

                Here's the problem:

                When I open the .csv files there are a lot of duplicate computer names that are being logged. Is it possible to eliminate the duplicate computer names and list only the most recent one?


                Thanks for your help!
                Last edited by totoy bato; 16th September 2008, 09:53. Reason: additional infor



                • #9
                  Re: Logs local administrators user in all pc

                  Originally posted by totoy bato
                  I changed the logs to a filename rather than %computername%

                  eg.
                  Set "exportfile=r:\localadmins-log.csv" (r:\ is a mapped drive)
                  It appends all the computers with local admin rights to that .CSV file

                  It is not necessary to use a mapped drive, you can use a UNC path to write the logs to.
                  It is recommended to create a separate csv file for each computer. When you include the name of the computer in the filename you can avoid 'file in use' errors when registrations happen at the same time from different computers.
                  If you want one csv file containing all the latest computer logs, then use a 2nd batch to merge the separate computer-logs in that folder.


                  Originally posted by totoy bato
                  When I open the .csv files there are a lot of duplicate computer names that are being logged. Is it possible to eliminate the duplicate computer names and list only the most recent one?

                  To keep a log of only the latest data, replace
                  Code:
                  >>"%exportfile%" (
                    echo.%YYYY%%MM%%DD%,%HH%:%NN%:%SS%,%computername%,%strIP%,%username%,%ListAdmins%
                  )
                  with
                  Code:
                  >"%exportfile%" (
                    echo.%YYYY%%MM%%DD%,%HH%:%NN%:%SS%,%computername%,%strIP%,%username%,%ListAdmins%
                  )
                  where the name of the exportfile starts with the name of the computer (like it is in the original batch).
                  Also (!), remove the below code completely from that batch:
                  Code:
                  If NOT Exist "%exportfile%" (
                    >"%exportfile%" (echo.date (ymd^),time,computername,ip,current user,Local Administrators)
                  )
                  Now create a second batch that can merge the computername-log.csv files to one CSV file.
                  Code:
                  :: filename = localadmins-log.cmd
                  
                  @echo off
                  setlocal ENABLEDELAYEDEXPANSION
                  
                  Set "LogsFolder=\\unc\folder"
                  
                  :: Get date stamp
                  for /f "tokens=2-4 skip=1 delims=(-./)" %%i in ('echo.^|date') do (
                     for /f "tokens=1-4 delims=-./ " %%m in ('date /t') do (
                        (set dow=%%m)&(set %%i=%%n)&(set %%j=%%o)&(set YYYY=%%p)
                     )
                  )
                  :: Divide the current time into time parts: HH, NN, SS and Sd
                  For /F "tokens=1-4 delims=:., " %%i in ('echo.%time%') Do (
                     (Set HH=0%%i)&(set NN=%%j)&(set SS=%%k)&(Set Sd=%%l)
                     Set "HH=!HH:~-2!"
                  )
                  
                  :: merge to workfile and open
                  Set "workfile=%YYYY%%MM%%DD%%HH%%NN%%SS%_merged_logs.csv"
                  
                  If Exist "%LogsFolder%" (
                     PushD "%LogsFolder%"
                     For /f "delims=" %%* in ('Dir /B "*_merged_logs.csv" 2^>nul') do (Del /f /q "%%*")
                     Set "AddTitles=(titles)-log.csv" & >"!AddTitles!" (
                         echo.date (ymd^),time,computername,ip,current user,Local Administrators)
                     For /f "delims=" %%* in ('Dir /B /OD "*-log.csv" 2^>nul') do (Set list="%%*" !list!)
                     Set list=!list:" "="+"!
                     start /b /w "merge" %comspec% /c Copy /b !list! "%workfile%"
                     Del /f /q "!AddTitles!"
                     PopD
                  )
                  
                  If Exist "%LogsFolder%\%workfile%" (
                     start /b "openfile" "%LogsFolder%\%workfile%"
                  )
                  endlocal
                  Run this batch from a computer where Excel is installed, and that has access to the share.

                  \Rems
                  Last edited by Rems; 18th September 2008, 16:15.



                  • #10
                    Re: Logs local administrators user in all pc

                    Hello Mod Rems
                    Hooray!!!
                    IT WORKS!!! Thanks for your BIIIGGGGGGGGGGGGGGGGGGGGGG HELLLLLLLLLLPPPPPPPPPPPPPPPPPP!!!!!!



                    • #11
                      Re: Logs local administrators user in all pc

                      Mod Rems

                      I have a problem in merging the logs.
                      If the logs are more than 300 pieces the merging is terminated and no merged file is created, but if the logs are 150 the merging was successful.


                      Thanks



                      • #12
                        Re: Logs local administrators user in all pc

                        I knew there was a limitation, but I had no idea how far it could go.
                        The problem is most likely caused by this command I used in the batch that is merging the logs:
                        ... Copy /b !list! "%workfile%"

                        When the !list! (that is containing the names of the logfiles) gets too long, files are not copied (joined) anymore.

                        An alternative is to replace the copy command with:
                        ... Copy /b "*-log.csv" "%workfile%"
                        But then, the problem could arise that the first line, containing the column titles, is not always being placed at the top of the list.

                        A better solution would be to perform a cumulative copy, like
                        copy /b "(titles)-log.csv" "%workfile%"
                        For-Do loop for each "*-log.csv" file:
                        ... copy /b "%workfile%" + "%%*"

                        Wait, I will show a sample of this, this evening when I am at home.


                        \Rems



                        • #13
                          Re: Logs local administrators user in all pc

                          Originally posted by Rems
                          Wait, I will show a sample of this, this evening when I am at home.

                          OK.. here are both batch files.

                          The first one, is the Logonscript that runs every time a user is logging in from the client. Only the most recent log is kept.
                          Code:
                          :: source: forums.petri.com/showthread.php?t=27548
                          :: This logon batch lists the
                          :: members of the local group Administrators on the computer.
                          :: Only the most recent log is kept in a shared folder,
                          ::     but if you'd prefer to keep every logon log made by the computer,
                          ::     then change the redirection notation to  >>"%exportfile%" (
                          ::
                          :: Note:
                          ::       unresolvable SIDs can slow down the run;
                          ::       unresolved SIDs are not shown in the list.


                          @echo off
                          setlocal ENABLEDELAYEDEXPANSION

                          :: The folder must exist.
                          Set "exportfile=\\uncpath\folder\%computername%-log.csv"
                          
                          :: Get IP address
                          For /f "tokens=2 delims=[]" %%* in ('ping.exe %computername% -n 1 -w 1') Do set strIP=%%*
                          
                          :: Get date stamp
                          for /f "tokens=2-4 skip=1 delims=(-./)" %%i in ('echo.^|date') do (
                             for /f "tokens=1-4 delims=-./ " %%m in ('date /t') do (
                                (set dow=%%m)&(set %%i=%%n)&(set %%j=%%o)&(set YYYY=%%p)
                             )
                          )
                          :: Divide the current time into time parts: HH, NN, SS and Sd
                          For /F "tokens=1-4 delims=:., " %%i in ('echo.%time%') Do (
                             (Set HH=0%%i)&(set NN=%%j)&(set SS=%%k)&(Set Sd=%%l)
                             Set "HH=!HH:~-2!"
                          )
                          
                          :: Determine local Admins
                          :: (lines after the dashed separator are members; each one is appended
                          ::  one pass late, so the final status line is never added to the list)
                          For /f "delims=" %%* in ('Net.exe localgroup Administrators') Do (
                           If NOT [!catch!]==[] (
                             If NOT [!Member!]==[] (
                               Set ListAdmins=!ListAdmins!,!Member!)
                             Set "Member=%%*"
                           ) ELSE (echo.%%* | find "------ ">nul &&Set catch=nowdefined)
                          )
                          (Set ListAdmins="%ListAdmins:~1%")

                          >"%exportfile%" (
                            echo.%YYYY%%MM%%DD%,%HH%:%NN%:%SS%,%computername%,%strIP%,%username%,%ListAdmins%
                          )
                          Endlocal
                          echo.Done
                          The second batch is a tool that merges the logfiles made by the clients, and opens the gathered information in excel.
                          Code:
                          :: source: forums.petri.com/showthread.php?t=27548
                          :: filename = localadmins-log.cmd
                          :: a tool that merges the separate logfiles, and opens the gathered information in excel.
                          ::
                          :: Run this batch from a computer where Excel is installed, and that has access to the share.
                          
                          @echo off
                          setlocal ENABLEDELAYEDEXPANSION
                          
                          Set "LogsFolder=\\uncpath\folder"
                          
                          :: Get date stamp
                          for /f "tokens=2-4 skip=1 delims=(-./)" %%i in ('echo.^|date') do (
                             for /f "tokens=1-4 delims=-./ " %%m in ('date /t') do (
                                (set dow=%%m)&(set %%i=%%n)&(set %%j=%%o)&(set YYYY=%%p)
                             )
                          )
                          :: Divide the current time into time parts: HH, NN, SS and Sd
                          For /F "tokens=1-4 delims=:., " %%i in ('echo.%time%') Do (
                             (Set HH=0%%i)&(set NN=%%j)&(set SS=%%k)&(Set Sd=%%l)
                             Set "HH=!HH:~-2!"
                          )
                          
                          :: merge to a workfile and open the file in excel
                          Set "workfile=%YYYY%%MM%%DD%%HH%%NN%%SS%_merged_logs.csv"
                          
                          If Exist "%LogsFolder%" (
                             PushD "%LogsFolder%" &&(
                             For /f "delims=" %%* in ('Dir /B "*_merged_logs.csv" 2^>nul') do (Del /f /q "%%*")
                          
                             >"%workfile%" (
                                 echo.date (ymd^),time,computername,ip,current user,Local Administrators
                             )
                          
                             rem Sort the logs by Date and merge
                             For /f "delims=" %%* in ('Dir /B /O-D "*-log.csv" 2^>nul') do (
                               start /b /w "merge" %comspec% /c copy /b "%workfile%" + "%%*"
                             )
                             PopD)
                          )
                          
                          If Exist "%LogsFolder%\%workfile%" (
                             start /b "openfile" "%LogsFolder%\%workfile%"
                          )
                          endlocal
                          \Rems
                          Last edited by Rems; 26th September 2008, 21:04.
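
Added example, not part of the thread and not Rems's code: a Python sketch that reads a merged CSV in the column layout the two batch files above produce, keeps only the newest row per computer (the question in post #8), and reports members of the local Administrators group that are not on an approved list. The sample rows, the account names and the approved list are constructed for illustration.

```python
import csv
import io

# Constructed sample of a merged log in the column layout the batch files
# write; computer names, users and addresses are invented.
SAMPLE = (
    "date (ymd),time,computername,ip,current user,Local Administrators\r\n"
    '20080926,08:01:12,PC01,192.168.1.10,alice,"Administrator,CORP\\Domain Admins"\r\n'
    '20080927,09:15:40,PC01,192.168.1.23,bob,"Administrator,CORP\\Domain Admins,CORP\\bob"\r\n'
    '20080926,08:03:55,PC02,192.168.1.11,carol,"Administrator,CORP\\Domain Admins"\r\n'
    "20080926,08:05:01,PC03,192.168.1.12,dave\r\n"  # truncated row
)

# Assumed approved members of the local Administrators group.
APPROVED = ["Administrator", "CORP\\Domain Admins"]


def latest_per_computer(merged_csv_text):
    """Return ({computer: record}, malformed_rows); newest row per computer wins."""
    latest, malformed = {}, []
    for row in csv.reader(io.StringIO(merged_csv_text, newline="")):
        if not row or row[0].lower().startswith("date"):
            continue  # blank line or a (possibly repeated) title row
        if len(row) != 6 or not row[0].isdigit():
            malformed.append(row)  # e.g. a write cut short on the share
            continue
        date, time, computer, ip, user, admins = (f.strip() for f in row)
        record = {
            "stamp": date + " " + time,  # YYYYMMDD HH:NN:SS sorts as text
            "ip": ip,
            "user": user,
            "admins": [a.strip() for a in admins.split(",") if a.strip()],
        }
        key = computer.upper()
        if key not in latest or record["stamp"] > latest[key]["stamp"]:
            latest[key] = record
    return latest, malformed


def unexpected_admins(latest, approved):
    """Map computer -> logged Administrators members not on the approved list."""
    allowed = {name.lower() for name in approved}
    findings = {}
    for computer, record in sorted(latest.items()):
        extra = [a for a in record["admins"] if a.lower() not in allowed]
        if extra:
            findings[computer] = extra
        elif not record["admins"]:
            findings[computer] = ["<no members logged>"]
    return findings


if __name__ == "__main__":
    latest, malformed = latest_per_computer(SAMPLE)
    for computer, extra in unexpected_admins(latest, APPROVED).items():
        rec = latest[computer]
        print(computer, rec["stamp"], rec["user"], "unexpected:", ", ".join(extra))
    print("malformed rows skipped:", len(malformed))
```

Because the logon script runs in the user's context, every user can write to the log share, so treat these rows as self-reported data when reviewing the findings.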



                          • #14
                            Re: Logs local administrators user in all pc

                            Thanks MOD REMS!!

                            I can now merge tons of logs without any problems!!!!

                            Thanks for YOUR HELP!!!



                            • #15
                              Re: Logs local administrators user in all pc

                              Did you try using Windows Event Collector in your issue?
