Solved

Capture login id and computer name information

Posted on 2004-03-26
15
695 Views
Last Modified: 2010-04-13
Hi, We'd like to capture login id and computer name information so that whenever a person logins in to the pc it logs it to a file. We need to capture the computername too because we want to do this on Win2k Terminal Servies. Thanks
0
Comment
Question by:stevensc
  • 5
  • 2
  • 2
  • +3
15 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 10690347
Add this to the login script, or place it as a batch file in the users startup directory


::Begin

date/t>>filename.txt
echo %computername%>>filename.txt
echo %username%>>filename.txt

::End

you can change the path to filename.txt to server share to hold the info centrally :)
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10690364
You can also track successful and failed logins through the group policy which would log the time/date in Event Viewer.
0
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 10690376
Why don't you turn on auditing for logon events? See e.g. http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logevnts.mspx ("Audit Account Logon Events") and http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logonoff.mspx ("Tracking Logon and Logoff Activity in Windows 2000")
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 10690957
More insight on auditing account logons..::

http://www.winnetmag.com/Article/ArticleID/21295/Windows_21295.html

To start auditing account logon events, you can either enable auditing for this category in Default Domain Controllers Policy or switch the policy to not defined, in which case Default Domain Policy will be the only GPO specifying an audit policy.

The difference between Audit logon events and Audit account logon events is where Win2K tracks and records the logon events. Audit logon events tracks and records events at the workstation, whereas Audit account logon events tracks and records events centrally at your DC. (Audit account logon events also shows the low-level Kerberos logon details.) For more information, see my Windows 2000 Magazine article "Audit Account Logon Events" (March 2001).

FE
0
 
LVL 6

Expert Comment

by:Greenclock
ID: 10692360
Stevensc

Take what "PeteLong" suggested and add the extra line to give you the name of the machine that was used to connect to the Terminal Server.   Variable is %ClientName% You will need to setup a filearea that is Read/Write so that the log can be generated.

echo %ClientName% >> Filename.txt


::Begin

date/t>>filename.txt
echo %computername%>>filename.txt
echo %ClientName% >> Filename.txt              <------ Extra Line
echo %username%>>filename.txt

::End



GC
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 10693153
This gives you...

computer name - logon name - date - time - ip

--------------------------  cut  --------------------------
@echo off
for /F "tokens=2 delims=:" %%K in ('ipconfig ^| find /I "IP Address"') do set IPADD=%%K
echo %computername% - %username% - %date% %time% %ipadd% >>"C:\userlogs.txt"
@cls
--------------------------  cut  --------------------------
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 57

Expert Comment

by:Pete Long
ID: 10693920
Morning spiderfix, why dont my scripts ever look as pretty as yours :(

Pete
0
 
LVL 14

Expert Comment

by:spiderfix
ID: 10693949
Ha! Pete :)

Either because I'm obsessive compulsive or I don't trust
users [at all] so scripts and group policy keep me sane.

They didn't look like that in 2000...users took me there ;)

0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10693953
:)
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11493970
Split
0
 
LVL 86

Expert Comment

by:jkr
ID: 11494032
Hmm, Id say that  http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logonoff.mspx ("Tracking Logon and Logoff Activity in Windows 2000") hits the nail *right* on the head...
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11494148
agree, assuming steven had a domain of course.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
windows 2000 3 420
win2k service packs 5 638
Windows 2000  Domain controller 3 487
Automate postgres backups on windows and move it to linux box 15 76
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In  today’s increasingly digital world, managed service providers (MSPs) fight for their customers’ attention, looking for ways to make them stay and purchase more services. One way to encourage that behavior is to develop a dependable brand of prod…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now