stevensc
asked on
Capture login id and computer name information
Hi, We'd like to capture login id and computer name information so that whenever a person logins in to the pc it logs it to a file. We need to capture the computername too because we want to do this on Win2k Terminal Servies. Thanks
You can also track successful and failed logins through the group policy which would log the time/date in Event Viewer.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
More insight on auditing account logons..::
http://www.winnetmag.com/Article/ArticleID/21295/Windows_21295.html
To start auditing account logon events, you can either enable auditing for this category in Default Domain Controllers Policy or switch the policy to not defined, in which case Default Domain Policy will be the only GPO specifying an audit policy.
The difference between Audit logon events and Audit account logon events is where Win2K tracks and records the logon events. Audit logon events tracks and records events at the workstation, whereas Audit account logon events tracks and records events centrally at your DC. (Audit account logon events also shows the low-level Kerberos logon details.) For more information, see my Windows 2000 Magazine article "Audit Account Logon Events" (March 2001).
FE
http://www.winnetmag.com/Article/ArticleID/21295/Windows_21295.html
To start auditing account logon events, you can either enable auditing for this category in Default Domain Controllers Policy or switch the policy to not defined, in which case Default Domain Policy will be the only GPO specifying an audit policy.
The difference between Audit logon events and Audit account logon events is where Win2K tracks and records the logon events. Audit logon events tracks and records events at the workstation, whereas Audit account logon events tracks and records events centrally at your DC. (Audit account logon events also shows the low-level Kerberos logon details.) For more information, see my Windows 2000 Magazine article "Audit Account Logon Events" (March 2001).
FE
Stevensc
Take what "PeteLong" suggested and add the extra line to give you the name of the machine that was used to connect to the Terminal Server. Variable is %ClientName% You will need to setup a filearea that is Read/Write so that the log can be generated.
echo %ClientName% >> Filename.txt
::Begin
date/t>>filename.txt
echo %computername%>>filename.t xt
echo %ClientName% >> Filename.txt <------ Extra Line
echo %username%>>filename.txt
::End
GC
Take what "PeteLong" suggested and add the extra line to give you the name of the machine that was used to connect to the Terminal Server. Variable is %ClientName% You will need to setup a filearea that is Read/Write so that the log can be generated.
echo %ClientName% >> Filename.txt
::Begin
date/t>>filename.txt
echo %computername%>>filename.t
echo %ClientName% >> Filename.txt <------ Extra Line
echo %username%>>filename.txt
::End
GC
This gives you...
computer name - logon name - date - time - ip
-------------------------- cut --------------------------
@echo off
for /F "tokens=2 delims=:" %%K in ('ipconfig ^| find /I "IP Address"') do set IPADD=%%K
echo %computername% - %username% - %date% %time% %ipadd% >>"C:\userlogs.txt"
@cls
-------------------------- cut --------------------------
computer name - logon name - date - time - ip
--------------------------
@echo off
for /F "tokens=2 delims=:" %%K in ('ipconfig ^| find /I "IP Address"') do set IPADD=%%K
echo %computername% - %username% - %date% %time% %ipadd% >>"C:\userlogs.txt"
@cls
--------------------------
Morning spiderfix, why dont my scripts ever look as pretty as yours :(
Pete
Pete
Ha! Pete :)
Either because I'm obsessive compulsive or I don't trust
users [at all] so scripts and group policy keep me sane.
They didn't look like that in 2000...users took me there ;)
Either because I'm obsessive compulsive or I don't trust
users [at all] so scripts and group policy keep me sane.
They didn't look like that in 2000...users took me there ;)
:)
Split
Hmm, Id say that http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logonoff.mspx ("Tracking Logon and Logoff Activity in Windows 2000") hits the nail *right* on the head...
agree, assuming steven had a domain of course.
::Begin
date/t>>filename.txt
echo %computername%>>filename.t
echo %username%>>filename.txt
::End
you can change the path to filename.txt to server share to hold the info centrally :)