We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Capture login id and computer name information

stevensc
stevensc asked
on
Medium Priority
763 Views
Last Modified: 2010-04-13
Hi, We'd like to capture login id and computer name information so that whenever a person logins in to the pc it logs it to a file. We need to capture the computername too because we want to do this on Win2k Terminal Servies. Thanks
Comment
Watch Question

Pete LongTechnical Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Add this to the login script, or place it as a batch file in the users startup directory


::Begin

date/t>>filename.txt
echo %computername%>>filename.txt
echo %username%>>filename.txt

::End

you can change the path to filename.txt to server share to hold the info centrally :)
Gareth GudgerSolution Architect
CERTIFIED EXPERT
Most Valuable Expert 2014
Top Expert 2014

Commented:
You can also track successful and failed logins through the group policy which would log the time/date in Event Viewer.
CERTIFIED EXPERT
Top Expert 2012
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Fatal_ExceptionSystems Engineer
Top Expert 2005

Commented:
More insight on auditing account logons..::

http://www.winnetmag.com/Article/ArticleID/21295/Windows_21295.html

To start auditing account logon events, you can either enable auditing for this category in Default Domain Controllers Policy or switch the policy to not defined, in which case Default Domain Policy will be the only GPO specifying an audit policy.

The difference between Audit logon events and Audit account logon events is where Win2K tracks and records the logon events. Audit logon events tracks and records events at the workstation, whereas Audit account logon events tracks and records events centrally at your DC. (Audit account logon events also shows the low-level Kerberos logon details.) For more information, see my Windows 2000 Magazine article "Audit Account Logon Events" (March 2001).

FE
Stevensc

Take what "PeteLong" suggested and add the extra line to give you the name of the machine that was used to connect to the Terminal Server.   Variable is %ClientName% You will need to setup a filearea that is Read/Write so that the log can be generated.

echo %ClientName% >> Filename.txt


::Begin

date/t>>filename.txt
echo %computername%>>filename.txt
echo %ClientName% >> Filename.txt              <------ Extra Line
echo %username%>>filename.txt

::End



GC
This gives you...

computer name - logon name - date - time - ip

--------------------------  cut  --------------------------
@echo off
for /F "tokens=2 delims=:" %%K in ('ipconfig ^| find /I "IP Address"') do set IPADD=%%K
echo %computername% - %username% - %date% %time% %ipadd% >>"C:\userlogs.txt"
@cls
--------------------------  cut  --------------------------
Pete LongTechnical Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Morning spiderfix, why dont my scripts ever look as pretty as yours :(

Pete
Ha! Pete :)

Either because I'm obsessive compulsive or I don't trust
users [at all] so scripts and group policy keep me sane.

They didn't look like that in 2000...users took me there ;)

Pete LongTechnical Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
:)
Pete LongTechnical Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Split
jkr
CERTIFIED EXPERT
Top Expert 2012

Commented:
Hmm, Id say that  http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logonoff.mspx ("Tracking Logon and Logoff Activity in Windows 2000") hits the nail *right* on the head...
Pete LongTechnical Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
agree, assuming steven had a domain of course.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.