?
Solved

Capture login id and computer name information

Posted on 2004-03-26
15
Medium Priority
?
712 Views
Last Modified: 2010-04-13
Hi, We'd like to capture login id and computer name information so that whenever a person logins in to the pc it logs it to a file. We need to capture the computername too because we want to do this on Win2k Terminal Servies. Thanks
0
Comment
Question by:stevensc
  • 5
  • 2
  • 2
  • +3
12 Comments
 
LVL 58

Expert Comment

by:Pete Long
ID: 10690347
Add this to the login script, or place it as a batch file in the users startup directory


::Begin

date/t>>filename.txt
echo %computername%>>filename.txt
echo %username%>>filename.txt

::End

you can change the path to filename.txt to server share to hold the info centrally :)
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10690364
You can also track successful and failed logins through the group policy which would log the time/date in Event Viewer.
0
 
LVL 86

Accepted Solution

by:
jkr earned 2000 total points
ID: 10690376
Why don't you turn on auditing for logon events? See e.g. http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logevnts.mspx ("Audit Account Logon Events") and http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logonoff.mspx ("Tracking Logon and Logoff Activity in Windows 2000")
0
Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 10690957
More insight on auditing account logons..::

http://www.winnetmag.com/Article/ArticleID/21295/Windows_21295.html

To start auditing account logon events, you can either enable auditing for this category in Default Domain Controllers Policy or switch the policy to not defined, in which case Default Domain Policy will be the only GPO specifying an audit policy.

The difference between Audit logon events and Audit account logon events is where Win2K tracks and records the logon events. Audit logon events tracks and records events at the workstation, whereas Audit account logon events tracks and records events centrally at your DC. (Audit account logon events also shows the low-level Kerberos logon details.) For more information, see my Windows 2000 Magazine article "Audit Account Logon Events" (March 2001).

FE
0
 
LVL 6

Expert Comment

by:Greenclock
ID: 10692360
Stevensc

Take what "PeteLong" suggested and add the extra line to give you the name of the machine that was used to connect to the Terminal Server.   Variable is %ClientName% You will need to setup a filearea that is Read/Write so that the log can be generated.

echo %ClientName% >> Filename.txt


::Begin

date/t>>filename.txt
echo %computername%>>filename.txt
echo %ClientName% >> Filename.txt              <------ Extra Line
echo %username%>>filename.txt

::End



GC
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 10693153
This gives you...

computer name - logon name - date - time - ip

--------------------------  cut  --------------------------
@echo off
for /F "tokens=2 delims=:" %%K in ('ipconfig ^| find /I "IP Address"') do set IPADD=%%K
echo %computername% - %username% - %date% %time% %ipadd% >>"C:\userlogs.txt"
@cls
--------------------------  cut  --------------------------
0
 
LVL 58

Expert Comment

by:Pete Long
ID: 10693920
Morning spiderfix, why dont my scripts ever look as pretty as yours :(

Pete
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 10693949
Ha! Pete :)

Either because I'm obsessive compulsive or I don't trust
users [at all] so scripts and group policy keep me sane.

They didn't look like that in 2000...users took me there ;)

0
 
LVL 58

Expert Comment

by:Pete Long
ID: 10693953
:)
0
 
LVL 58

Expert Comment

by:Pete Long
ID: 11493970
Split
0
 
LVL 86

Expert Comment

by:jkr
ID: 11494032
Hmm, Id say that  http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logonoff.mspx ("Tracking Logon and Logoff Activity in Windows 2000") hits the nail *right* on the head...
0
 
LVL 58

Expert Comment

by:Pete Long
ID: 11494148
agree, assuming steven had a domain of course.
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
There's never been a better time to become a computer scientist. Employment growth in the field is expected to reach 22% overall by 2020, and if you want to get in on the action, it’s a good idea to think about at least minoring in computer science …
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…
There may be issues when you are trying to access Outlook or send & receive emails or due to Outlook crash which leads to corrupt or damaged PST file. To eliminate the corruption from your PST file, you need to repair the corrupt Outlook PST file. U…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question