Link to home
Start Free TrialLog in
Avatar of stevensc
stevensc

asked on

Capture login id and computer name information

Hi, We'd like to capture login id and computer name information so that whenever a person logins in to the pc it logs it to a file. We need to capture the computername too because we want to do this on Win2k Terminal Servies. Thanks
Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image
Add this to the login script, or place it as a batch file in the users startup directory


::Begin

date/t>>filename.txt
echo %computername%>>filename.txt
echo %username%>>filename.txt

::End

you can change the path to filename.txt to server share to hold the info centrally :)
Avatar of Gareth Gudger
Gareth Gudger
Flag of United States of America image
You can also track successful and failed logins through the group policy which would log the time/date in Event Viewer.
ASKER CERTIFIED SOLUTION
Avatar of jkr
jkr
Flag of Germany image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Fatal_Exception
Fatal_Exception
Flag of United States of America image
More insight on auditing account logons..::

http://www.winnetmag.com/Article/ArticleID/21295/Windows_21295.html

To start auditing account logon events, you can either enable auditing for this category in Default Domain Controllers Policy or switch the policy to not defined, in which case Default Domain Policy will be the only GPO specifying an audit policy.

The difference between Audit logon events and Audit account logon events is where Win2K tracks and records the logon events. Audit logon events tracks and records events at the workstation, whereas Audit account logon events tracks and records events centrally at your DC. (Audit account logon events also shows the low-level Kerberos logon details.) For more information, see my Windows 2000 Magazine article "Audit Account Logon Events" (March 2001).

FE
Avatar of Andrew P
Andrew P
Flag of United Kingdom of Great Britain and Northern Ireland image
Stevensc

Take what "PeteLong" suggested and add the extra line to give you the name of the machine that was used to connect to the Terminal Server.   Variable is %ClientName% You will need to setup a filearea that is Read/Write so that the log can be generated.

echo %ClientName% >> Filename.txt


::Begin

date/t>>filename.txt
echo %computername%>>filename.txt
echo %ClientName% >> Filename.txt              <------ Extra Line
echo %username%>>filename.txt

::End



GC
Avatar of spiderfix
spiderfix
Flag of Canada image
This gives you...

computer name - logon name - date - time - ip

--------------------------  cut  --------------------------
@echo off
for /F "tokens=2 delims=:" %%K in ('ipconfig ^| find /I "IP Address"') do set IPADD=%%K
echo %computername% - %username% - %date% %time% %ipadd% >>"C:\userlogs.txt"
@cls
--------------------------  cut  --------------------------
Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image
Morning spiderfix, why dont my scripts ever look as pretty as yours :(

Pete
Avatar of spiderfix
spiderfix
Flag of Canada image
Ha! Pete :)

Either because I'm obsessive compulsive or I don't trust
users [at all] so scripts and group policy keep me sane.

They didn't look like that in 2000...users took me there ;)

Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image
Split
Avatar of jkr
jkr
Flag of Germany image
Hmm, Id say that  http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logonoff.mspx ("Tracking Logon and Logoff Activity in Windows 2000") hits the nail *right* on the head...
Avatar of Pete Long
Pete Long
Flag of United Kingdom of Great Britain and Northern Ireland image
agree, assuming steven had a domain of course.