Previous
Next
Fixed font
Subject: Re: Re: report logon / logoff times of users
Author: marikani a Date: 18 Feb 2011
References:
Author: marikani a Date: 18 Feb 2011
References:
hi ,
i have found the answer from the following blog, its very usefull... http://serveradministrators.blogspot.com/2011/02/active-directory-users-logon-and-logoff.html
i have found the answer from the following blog, its very usefull... http://serveradministrators.blogspot.com/2011/02/active-directory-users-logon-and-logoff.html
> On Thursday, March 01, 2007 7:45 PM ji wrote:
> I've had the dreaded request - please get me a report of when my employees
> are logging on and off the network...
>
>
> now I know this is problematic because (as I explained to the requestor) the
> reports probably won't give this person the information they want... oh well.
>
> so here is my question- with minimal config/effort - is it possible to
> track, and report on when a group of users logon and logoff ? We are a 2003
> native mode AD house, and I don't want to have to run reports on every
> machine - We would like to know if/how we can check to see when they
> authenticate on AD, and then logoff.
>
>
> If possible, how is it done?
>
> (I'm also very open to a 3d party software solution, if it runs less than
> $150)
>
> thanks
> are logging on and off the network...
>
>
> now I know this is problematic because (as I explained to the requestor) the
> reports probably won't give this person the information they want... oh well.
>
> so here is my question- with minimal config/effort - is it possible to
> track, and report on when a group of users logon and logoff ? We are a 2003
> native mode AD house, and I don't want to have to run reports on every
> machine - We would like to know if/how we can check to see when they
> authenticate on AD, and then logoff.
>
>
> If possible, how is it done?
>
> (I'm also very open to a 3d party software solution, if it runs less than
> $150)
>
> thanks
>> On Thursday, March 01, 2007 7:57 PM Herb Martin wrote:
>> "jim" <jim@discussions.microsoft.com> wrote in message
>> news:A7894622-1B08-4596-9C62-E0B40298C8A1@microsoft.com...
>>
>> Get a clear understanding of exactly what they DO want...
>>
>> Windows users don't really "logon to the network" even though we may all say
>> something like this from time to time.
>>
>> They logon AT machines by AUTHENTICATING with a DC if they are
>> domain users. They then can use those credentials to access network
>> resources, and may even end up authenticating multiple times just do to the
>> network reliability or even Kerberos ticket expiration.
>>
>> You can certainly audit Account Logon and the dump the logon and logoff
>> times but this won't typically be that interesting.
>>
>>
>> There are some third party solutions that approximate what most peopl e
>> really want with this request but all such things are in some real (and
>> truly
>> unavoidable) sense "hacks".
>>
>>
>> You might be disappointed here.
>>
>> --
>> Herb Martin, MCSE, MVP
>> http://www.LearnQuick.Com
>> (phone on web site)
>> news:A7894622-1B08-4596-9C62-E0B40298C8A1@microsoft.com...
>>
>> Get a clear understanding of exactly what they DO want...
>>
>> Windows users don't really "logon to the network" even though we may all say
>> something like this from time to time.
>>
>> They logon AT machines by AUTHENTICATING with a DC if they are
>> domain users. They then can use those credentials to access network
>> resources, and may even end up authenticating multiple times just do to the
>> network reliability or even Kerberos ticket expiration.
>>
>> You can certainly audit Account Logon and the dump the logon and logoff
>> times but this won't typically be that interesting.
>>
>>
>> There are some third party solutions that approximate what most peopl e
>> really want with this request but all such things are in some real (and
>> truly
>> unavoidable) sense "hacks".
>>
>>
>> You might be disappointed here.
>>
>> --
>> Herb Martin, MCSE, MVP
>> http://www.LearnQuick.Com
>> (phone on web site)
>>> On Thursday, March 01, 2007 8:13 PM Richard Mueller [MVP] wrote:
>>> "Herb Martin" <news@learnquick.com> wrote in message
>>> news:u4oF$WGXHHA.600@TK2MSFTNGP05.phx.gbl...
>>>
>>> I've used logon and logoff scripts that append information to log files. At
>>> each logon/logoff, they append user name, computer name, date/time, and
>>> whether logon or logoff to the log file. You can also have startup and
>>> shutdown scripts log similar information, except there is no user. The
>>> scripts must append to a file everyone has write permissions to. I have an
>>> example logon script linked here:
>>>
>>> http://www.rlmueller.net/Logon5.htm
>>>
>>> I used to read the semicolon delimited log files into a spreadsheet for
>>> analysis. I could track logons per day, how many people used each machine,
>>> which machines weren't used much, etc. If you also have startup and shutdown
>>> scripts log information, the computer object needs permission to write to
>>> the log. I granted write permission to the group "Domain Computers".
>>>
>>> Note: AD does not track how long or where users are logged on. The lastLogon
>>> attribute on tracks when the user last authenticated to a specific DC. The
>>> local machine only tracks who has logged on.
>>>
>>> --
>>> Richard Mueller
>>> Microsoft MVP Scripting and ADSI
>>> Hilltop Lab - http://www.rlmueller.net
>>> --
>>> news:u4oF$WGXHHA.600@TK2MSFTNGP05.phx.gbl...
>>>
>>> I've used logon and logoff scripts that append information to log files. At
>>> each logon/logoff, they append user name, computer name, date/time, and
>>> whether logon or logoff to the log file. You can also have startup and
>>> shutdown scripts log similar information, except there is no user. The
>>> scripts must append to a file everyone has write permissions to. I have an
>>> example logon script linked here:
>>>
>>> http://www.rlmueller.net/Logon5.htm
>>>
>>> I used to read the semicolon delimited log files into a spreadsheet for
>>> analysis. I could track logons per day, how many people used each machine,
>>> which machines weren't used much, etc. If you also have startup and shutdown
>>> scripts log information, the computer object needs permission to write to
>>> the log. I granted write permission to the group "Domain Computers".
>>>
>>> Note: AD does not track how long or where users are logged on. The lastLogon
>>> attribute on tracks when the user last authenticated to a specific DC. The
>>> local machine only tracks who has logged on.
>>>
>>> --
>>> Richard Mueller
>>> Microsoft MVP Scripting and ADSI
>>> Hilltop Lab - http://www.rlmueller.net
>>> --
>>>> On Thursday, March 01, 2007 8:40 PM ji wrote:
>>>> Thanks herb - I'm with you on pretty much everything here.
>>>>
>>>> I guess my question is - where do I do the auditing you mentioned - I have
>>>> a fairly vague understanding of group policies. I certainly don't want to
>>>> have to pull the info from each machine - can auditing on the DC give me that
>>>> type info in a central location? I would prefer to show this requester what
>>>> the reports don't give him, and then he can either deal with it or go for a
>>>> more expensive solution
>>>>
>>>>
>>>> thanks
>>>>
>>>> "Herb Martin" wrote:
>>>>
>>>> I guess my question is - where do I do the auditing you mentioned - I have
>>>> a fairly vague understanding of group policies. I certainly don't want to
>>>> have to pull the info from each machine - can auditing on the DC give me that
>>>> type info in a central location? I would prefer to show this requester what
>>>> the reports don't give him, and then he can either deal with it or go for a
>>>> more expensive solution
>>>>
>>>>
>>>> thanks
>>>>
>>>> "Herb Martin" wrote:
>>>>> On Thursday, March 01, 2007 8:53 PM Herb Martin wrote:
>>>>> "jim" <jim@discussions.microsoft.com> wrote in message
>>>>> news:59DA6C3C-41DE-4DDB-AEA7-08E7FCD393F0@microsoft.com...
>>>>>
>>>>> Richard's solution is a good one - and can be pretty easy or very
>>>>> elaborate if you need to go there.
>>>>>
>>>>> You can easily set a Logon/Logoff script pair that does something
>>>>> like this:
>>>>>
>>>>> @echo %username%; %date%; %time%; OFF_ON; >>\\Server\Share\Log.txt
>>>>>
>>>>> Change "OFF_ON" to the correct word for each script.
>>>>>
>>>>> That is about the simple useful thing for showing logon/logoff for
>>>>> all domain users.
>>>>>
>>>>> You can easily import that to Excel (the semi-colons make parsing easy)
>>>>> or parse and sort it with various tools including Perl.
>>>>>
>>>>> Note: It will do nothing for those people who just pull the network cable
>>>>> or remove a laptop from docking station, or those who just hit the power
>>>>> button to shutdown.
>>>>>
>>>>> If you wish to "do it right" you can setup special permission on the file
>>>>> Log.txt so that no one can Read it, or delete, or overwrite (write) it,
>>>>> but they can STILL APPEND to it.
>>>>>
>>>>> --
>>>>> Herb Martin, MCSE, MVP
>>>>> http://www.LearnQuick.Com
>>>>> (phone on web site)
>>>>> news:59DA6C3C-41DE-4DDB-AEA7-08E7FCD393F0@microsoft.com...
>>>>>
>>>>> Richard's solution is a good one - and can be pretty easy or very
>>>>> elaborate if you need to go there.
>>>>>
>>>>> You can easily set a Logon/Logoff script pair that does something
>>>>> like this:
>>>>>
>>>>> @echo %username%; %date%; %time%; OFF_ON; >>\\Server\Share\Log.txt
>>>>>
>>>>> Change "OFF_ON" to the correct word for each script.
>>>>>
>>>>> That is about the simple useful thing for showing logon/logoff for
>>>>> all domain users.
>>>>>
>>>>> You can easily import that to Excel (the semi-colons make parsing easy)
>>>>> or parse and sort it with various tools including Perl.
>>>>>
>>>>> Note: It will do nothing for those people who just pull the network cable
>>>>> or remove a laptop from docking station, or those who just hit the power
>>>>> button to shutdown.
>>>>>
>>>>> If you wish to "do it right" you can setup special permission on the file
>>>>> Log.txt so that no one can Read it, or delete, or overwrite (write) it,
>>>>> but they can STILL APPEND to it.
>>>>>
>>>>> --
>>>>> Herb Martin, MCSE, MVP
>>>>> http://www.LearnQuick.Com
>>>>> (phone on web site)
>>>>>> On Thursday, March 01, 2007 9:25 PM Richard Mueller [MVP] wrote:
>>>>>> I would just add %computername% to the echo statement.
>>>>>>
>>>>>> --
>>>>>> Richard Mueller
>>>>>> Microsoft MVP Scripting and ADSI
>>>>>> Hilltop Lab - http://www.rlmueller.net
>>>>>> --
>>>>>>
>>>>>> --
>>>>>> Richard Mueller
>>>>>> Microsoft MVP Scripting and ADSI
>>>>>> Hilltop Lab - http://www.rlmueller.net
>>>>>> --
>>>>>>> On Friday, March 02, 2007 1:36 AM Herb Martin wrote:
>>>>>>> "Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
>>>>>>> message news:OcoyWIHXHHA.3568@TK2MSFTNGP06.phx.gbl...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Yes. And any other environment variable that strikes his fancy,
>>>>>>> maybe LogonServer, or even SessionName to distinguish TS
>>>>>>> from Console sessions.
>>>>>>>
>>>>>>> This is pretty rudimentary but that is the beauty of the solution
>>>>>>> that was offered (by Richard). Something simple that might
>>>>>>> satify the requestor, or at least flush out the REAL need they
>>>>>>> perceive -- and it is quick and free to impliment.
>>>>>>>
>>>>>>> This could be working in about 30 minutes including testing.
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Herb Martin, MCSE, MVP
>>>>>>> http://www.LearnQuick.Com
>>>>>>> (phone on web site)
>>>>>>> message news:OcoyWIHXHHA.3568@TK2MSFTNGP06.phx.gbl...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Yes. And any other environment variable that strikes his fancy,
>>>>>>> maybe LogonServer, or even SessionName to distinguish TS
>>>>>>> from Console sessions.
>>>>>>>
>>>>>>> This is pretty rudimentary but that is the beauty of the solution
>>>>>>> that was offered (by Richard). Something simple that might
>>>>>>> satify the requestor, or at least flush out the REAL need they
>>>>>>> perceive -- and it is quick and free to impliment.
>>>>>>>
>>>>>>> This could be working in about 30 minutes including testing.
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Herb Martin, MCSE, MVP
>>>>>>> http://www.LearnQuick.Com
>>>>>>> (phone on web site)
>>>>>>> Submitted via EggHeadCafe
>>>>>>> SharePoint Tip / Thought of the Day WebPart
>>>>>>> http://www.eggheadcafe.com/tutorials/aspnet/14280ff8-3c9f-46bd-8214-9267e613c8ec/sharepoint-tip--thought-of-the-day-webpart.aspx
>>>>>>> SharePoint Tip / Thought of the Day WebPart
>>>>>>> http://www.eggheadcafe.com/tutorials/aspnet/14280ff8-3c9f-46bd-8214-9267e613c8ec/sharepoint-tip--thought-of-the-day-webpart.aspx
Previous
Next