Workstation Status

Here is at least part of it:
SS ID Number: Q189541
Article last modified on 08-28-1998
 
Windows:95,98;WinNT:4.0
 
WINDOWS winnt
 

======================================================================
---------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Windows, versions 95, 98
 - Microsoft Windows NT Server version 4.0
 - Microsoft Windows NT Server, Enterprise Edition version 4.0
---------------------------------------------------------------------
 
IMPORTANT: This article contains information about editing the registry.
Before you edit the registry, make sure you understand how to restore it if
a problem occurs. For information on how to do this, view the "Restoring
the Registry" online Help topic in Regedit.exe or the "Restoring a Registry
Key" online Help topic in Regedt32.exe.
 
SUMMARY
=======
 
Account lockouts can be very difficult to track for several reasons. One
reason is that the bad password attempts are only recorded on the domain
controller that processed the logon attempt (this is for Windows 95 and
Windows 98 clients). Another problem is that, because Windows NT clients
are capable of recording the information locally, a log entry is not
recorded on any domain controller.
 
MORE INFORMATION
================
 
A relatively easy way to track bad password attempts in a domain is to
install the checked build of Netlogon.dll on the primary domain controller
(PDC). This will create a text file on the PDC that can be examined to
determine which clients are generating the bad password attempts, for both
Windows NT and Windows 95 clients.
 
The checked build of Netlogon.dll can be obtained from Microsoft Technical
Support and also in the Microsoft DDK.
 
WARNING: Using Registry Editor incorrectly can cause serious problems that
may require you to reinstall your operating system. Microsoft cannot
guarantee that problems resulting from the incorrect use of Registry Editor
can be solved. Use Registry Editor at your own risk.
 
For information about how to edit the registry, view the "Changing Keys And
Values" online Help topic in Registry Editor (Regedit.exe) or the "Add and
Delete Information in the Registry" and "Edit Registry Data" online Help
topics in Regedt32.exe. Note that you should back up the registry before
you edit it.
 
To install the checked build of Netlogon.dll on Windows NT 4.0:
 
1. Go to the %windir%\System32 folder.
 
2. Rename Netlogon.dll to Netlogon.fre.
 
3. Copy the checked version of Netlogon.dll to the System32 folder.
 
4. Start Regedt32, and go to the following key:
 
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon
      \Parameters\DBFlag
 
   NOTE: The above registry key is one path; it has been wrapped for
   readability.
 
5. Change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon
   \Parameters\DBFlag to 0x4 and quit Regedt32.
 
   NOTE: Setting DBFlag to 0x4 will only record logon processing. Setting
   it to 0x20000004 will record the time stamp in addition to the logon
   event.
 
6. Restart the server
 
7. Confirm that the debug directory was created under the %windir% folder
   and contains a Netlogon.log file.
 
Examples
--------
 
In the examples below:
PORSCHE\example = User Account
TARGA =           BDC
928S4 =           Windows NT Workstation
928WIN95 =        Windows 95
911Turbo =        PDC
 
Different clients will log different messages.
 
Windows NT Workstation:
 
[LOGON] SamLogon: Interactive logon of PORSCHE\example from 928S4 (via
   TARGA) Entered
 
[LOGON] SamLogon: Interactive logon of PORSCHE\example from 928S4 (via
   TARGA) Returns 0xC000006A
 
[LOGON] SamLogon: Interactive logon of PORSCHE\example from 928S4 (via
   TARGA) Entered
 
[LOGON] SamLogon: Interactive logon of PORSCHE\example from 928S4 (via
   TARGA) Returns 0xC0000234
 
In the above example, you can see where we try to log on, fail with a bad
password, try to log on again, and then fail with a locked out account.
 
The only difference with Windows 95 and Windows 98 is the omission of the
domain name:
 
[LOGON] SamLogon: Network logon of (null)\EXAMPLE from \\928WIN95 (via
   TARGA) Entered
 
[LOGON] SamLogon: Network logon of (null)\EXAMPLE from \\928WIN95 (via
   TARGA) Returns 0xC000006A
 
LOGON] SamLogon: Network logon of (null)\EXAMPLE from \\928WIN95 (via
   TARGA) Entered
 
[LOGON] SamLogon: Network logon of (null)\EXAMPLE from \\928WIN95 (via
   TARGA) Returns 0xC0000234
 
A successful account logon will look like:
 
[LOGON] SamLogon: Network logon of (null)\EXAMPLE from \\928WIN95 Entered
 
[LOGON] SamLogon: Network logon of (null)\EXAMPLE from \\928WIN95 Returns
   0x0
 
[LOGON] NetrLogonUasLogon of EXAMPLE from 928WIN95 returns 0
 
The errors you will most likely receive will be:
 
   0xC0000234      User logon with Account Locked
   0xC000006A      User logon with Misspelled or bad Password
   0xC0000072      User logon to account disabled by Administrator
   0xC0000193      User logon with Expired Account
   0xC0000070      User logon from unauthorized workstation
   0xC000006F      User logon Outside authorized hours
   0xC0000224      User logon with "Change Password at Next Logon"
                   flagged
   0xC0000071      User logon with Expired Password
   0xC0000064      User logon with Misspelled or Bad User Account
 
To track user account lockouts, only the 234 and 6A errors are important to
us.
 
After the workstation sending the bad passwords has been identified, the
workstation can be configured correctly or the user can be informed of the
correct password.
 
Additional query words: pass thru through authentication
======================================================================
Version           : Windows:95,98;WinNT:4.0
Platform          : WINDOWS winnt
Issue type        : kbhowto
=============================================================================
Copyright Microsoft Corporation 1998.


 

I am trying to get the up time of each workstation logged on to the network, the password logon proposal will not achieve the up time of each logged on workstation.

I am trying to get the up time of each workstaion logged on to the network. I have tried Srvinfo.exe from the resource kit, although it gives me the up time of a workstation it also gives me additional information, which takes up to 10 minutes to retrieve, with 168 workstations this is mot acceptable. Is there a script or command I can use? I appreciate all the help I can get.

Here's another approach than above (which was some pretty cool info, even if it didn't answer the right question!):

Consider asking the question against each of your NT file servers using the command "net session>netsession.rpt". Run this command on each server using something like a periodic batch file launched by the schedule service on each server. You can then have a second script from a master computer which retrieves the reports from each of the servers.

   This is certainly not a fail-safe approach and requires that an NT workstation (or 95/98 for that matter) map at least one drive to a server which you are tracking. However, it does provide approximate idle-time tracking (each client will have an idle time associated with each drive mapped to each different server).

   The other drawback to this approach is that it requires some effort on your part to derive meaningful information from the various generated reports, and the more servers you need to monitor, the more massaging your routine may have to do. However, if you have a couple of file servers which everyone uses, you can fairly easily see if a person is currently logged on.

   Another piecemeal utility is nbtstat -a {computername}, through which you can easily determine whether a person is logged into a particular NT workstation (or 95 with winpopup running). This one is more suited to a single user than to 100 users (obviously!).

At the PDC you can test under control panel the applet called server and there is a button users.
It will show you who is logged in and how long.

This was great information as you mentioned, but it does not resolve my problem, which is to determine a workstations UP TIME. I do appreciate the help.