Simple User Logon Logoff Logging on a Windows Domain
I like simple scripts, and this one is so obvious – I wonder why I didn’t think of it:
First, create a folder on your server, and share it as logon$. Make sure that users are given read and write access in the share properties, and in the folder security settings.
Create the following logon scripts and add them to the logon / logoff scripts as appropriate. Both scripts are ONE LINE ONLY.
logon.cmd
echo logon,%COMPUTERNAME%,%USERNAME%,%DATE%,%TIME% >> \\\\server1\\logon$\\Logon.csvlogout.cmd
echo logoff,%COMPUTERNAME%,%USERNAME%,%DATE%,%TIME% >> \\\\server1\\logon$\\Logon.csvOnce done, you can load the file into a program such as Excel and easily manipulate the data to find what you are looking for.
Naturally, change the name server1 to your server name. It’s a simple way to log users accessing workstations so that you know who as logged on where.
I was considering doing the same with a database and VBscript – which would inevitably slow down the logon process. This should make things wonderfully simple.
I settled on keeping the log file the same for logons and logoffs, as it seems sensible to track these in the same file. If you seperate them and say, want to find out how long a user has been logged on for, then you have to start dealing with too many seperate files.
Related posts:
- Adding Printers will Hang a Vista Logon to a Domain Vista's UAC prevents standard users from installing printer drivers by...
- Uninstall Ranger from a Computer without the RangerRemove User Sometimes it might be necessary to remove Sentinel’s Ranger software...
- Deleting files older than a specific date or age I needed to delete a chunk of cookies today –...
- Remove Network Printers from Users Before they Log On I had a little trouble with an HP Printer driver...
- Mount a Webdav folder in Ubuntu Linux Webdav is a very handy protocol for writing files back...
Related posts brought to you by Yet Another Related Posts Plugin.
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
I created these two files and put them in c:/windows/sysvol/domain/scripts. Then on the DC which is SBS 2003 sp1 and added via browse to User Configuration-> Windows Settings-> Scripts (Logon/Logoff)-> Logon in the respective areas. Note, the second file I used “echo logoff” instead of “echo logon”. The log file is fully shared with domain admin and users with full permissions. Using a local workstation I can remote into the DC and get logon and logoff logs, but I don’t get any entries if I just logon and logoff the domain as a normal user from the location workstation. Any suggestions?
Thanks for the heads up on the “echo logoff” command. I’ve corrected the post re update this.
As for your problem with the log not updating, two things pop into my head:
1) Are both the shared folder AND the folder permissions set to allow read/write access to users?
2) Check that the logon script is being ran with the user account that you logon with.
To do this, logon to a Windows XP machine that should be using the script. Then…
You’ll see a group-policy style layout showing you what settings have been applied. If the logon script has been applied successfully, then you should be able to see it in the User Configuration area of the console.
Hi John, I am having the same problem as Normajm. The only thing I can think of is the folder that the file is to be written to defaults to read only in the properties (general tab), but in actual fact, anyone can write to that folder. I have given everyone full control in the securities tab and made everyone the owner of the folder as well.
I have run the mmc check above & the script has definitely been applied.
It writes for the server, but not for any other machine/login. Can you give me an idea what to try next please?
Thanks,
Heather
I moved the files into the Group Policy’s logon logoff folders and it’s working.
Glad that you got it working. It seems a little odd that it wasn’t working, even though you set the share permissions.
Anyway, if someone else has trouble it might be worth just trying to run the script from the command line to see if there is any error (such as access denied). This would probably help to find what the problem is.
Hi,
could someone go in details on how it can be done especially when u add it the group policy etc..
Thanks
Hi Mun, I suppose that in itself is another post! Keep your eyes peeled and I’ll get something put together.
There’s obviously a need for this kind of thing!
Hi
Here is a same kind of thread which has more info on user logon tracking
http://msmvps.com/blogs/richardwu/archive/2007/05/29/logging-user-logon-event.aspx