Solved

Reverse IP addresses into accounts?

Posted on 2004-10-25
146 Views
Last Modified: 2010-04-14
Our internet usage monitor (Win2k server, built in logging) usually lists usage under IP addresses, not user account names. I would like either one of the following:

1. Convince W2k server that it should log usernames instead of IP addresses - probably a really simple setting I've missed
or
2. A program which, given an IP address, returns the user logged on at that address ("currently" is sufficient as our IP addresses, although dynamic, rarely change).

Thanks

Geoff M.
0
Question by:gmayo
    14 Comments
     
    LVL 16

    Accepted Solution

    by:
    Hello,
    If you wanted to use number 2 this script should accomplish that.

    copy and paste the code below into a notepad file and save it
    with a .vbs extension

    '!!!Begin Copy !!!

    strcomputer = InputBox("Input IP Address","IP2User")

    If Ping(strComputer) Then

            Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
            Set colItems = objWMIService.ExecQuery("Select UserName from Win32_ComputerSystem", , 48)
                For Each objitem In colItems
                 struser = objitem.username
                     wscript.echo objitem.username
                Next
                'If computer is on but no one logged in
                If strUser = "" Then
                    wscript.echo"Computer is at the Ctrl-Alt-Del Screen"
                End If
           Else
                wscript.echo "Copmputer is OFF"
        End If


    Function Ping(strComputer)

    Dim sHost       'name of Windows XP computer from which the PING command will be initiated
    Dim sTarget     'name or IP address of remote computer to which connectivity will be tested
    Dim cPingResults    'collection of instances of Win32_PingStatus class
    Dim oPingResult     'single instance of Win32_PingStatus class

    sHost = "."

    Set cPingResults = GetObject("winmgmts:{impersonationLevel=impersonate}//" & _
            sHost & "/root/cimv2").ExecQuery("SELECT * FROM Win32_PingStatus " & _
            "WHERE Address = '" + strComputer + "'")

        For Each oPingResult In cPingResults
            If oPingResult.StatusCode = 0 Then
            Ping = True
              Else
            End If
         
    Next
    end function

    '!!!!End Copy !!!

    Good Luck and let us know how it goes
    0
     
    LVL 3

    Expert Comment

    by:browolf
    you can also record who's logged on where in a login script.
    1. create a hidden share on a server where everyone has write permission
    2. in logon script do

    for /f "tokens=1,2 delims=:" %%a in ('ipconfig ^| find "IP Address"') do set ip=%%b
    for /f "tokens=1,2,3 delims=/" %%a in ('date /t') do set date=%%a%%b%%c
    for /f "tokens=1,2 delims=:" %%a in ('time /t') do set time=%%a%%b
    echo %date%-%time%-%username% >> \\server\share$\%ip%.txt

    this will create a permanent record of who's logged in when for each ip address.

    0
     
    LVL 8

    Author Comment

    by:gmayo
    The IP lookup works on my PC but doesn't on the server! Claims a syntax error.

    I tried putting the code in the logon script, but this doesn't seem to get executed. Well, ip.txt never gets created at the location defined.

    Any other ideas?
    Thanks

    Geoff M.
    0
     
    LVL 3

    Expert Comment

    by:browolf
    do you have the logon script running visibly? if you change the last line to
    echo %date%-%time%-%username%-%ip%

    it should show up on the screen.
    when i get back to work next week, i'll have a go with that code myself in our login script.  it's the sort of thing i could do with ;-)
    0
     
    LVL 8

    Author Comment

    by:gmayo
    I remember we used to get a DOS window flash up on logging in, which I assume was the login script. However, these days we don't see it. I checked my profile to make sure it was in there, which it is. I'll try putting something obvious in there, like MOREing the contents of a large text file!

    Geoff M.
    0
     
    LVL 3

    Expert Comment

    by:browolf
    Well you can make it run hidden with group policy which is actually how you really want it but then it's not very helpful for debugging.
    0
     
    LVL 3

    Expert Comment

    by:browolf
    the problem seems to be that the ip has a space infront of it.
    so set ip= 192.168.0.8    fails.

    am working on a solution.
    0
     
    LVL 3

    Expert Comment

    by:browolf
    got it working for me by doing:

    for /f "tokens=1,2* delims=.: " %%a in ('ipconfig ^| find "IP Address"') do set ip=%%c
    for /f "tokens=1,2,3* delims=/ " %%a in ('date /t') do set date=%%b%%c%%d
    for /f "tokens=1,2 delims=:" %%a in ('time /t') do set time=%%a%%b
    echo %date%%time%%username% >> \\server\logs$\pupil\%ip%.txt
    0
     
    LVL 3

    Expert Comment

    by:browolf
    hmm it seems to echo it twice for no apparent reason
    0
     
    LVL 3

    Expert Comment

    by:browolf
    what i'm going to do next, for me personally,  is write a wsh script that will read the logs files and  insert the information into a mysql database. I already have a similar system that logs and adds ip to computername lookup.
    It'll be easy enought to ignore every other line

    And then after that write some php that allows me to interrogate it.
    0
     
    LVL 8

    Author Comment

    by:gmayo
    Any progress?

    Geoff M.
    0
     
    LVL 3

    Expert Comment

    by:browolf
    it was echoing twice because we had the login script defined in the group policy and the profile of the user. ie it was running twice. a legacy from NT. now i've  sorted that out it echos only once. does it work for you now?
    0
     
    LVL 8

    Author Comment

    by:gmayo
    Well, no as the script doesn't seem to run at all! However, this does suggest that a more pressing problem lies elsewhere, preventing me testing your code. I'll take another look tomorrow.

    Thanks

    Geoff M.
    0
     
    LVL 3

    Expert Comment

    by:browolf
    i'd create a test OU with a test user with a test gpo and a test login script and put the log cmds in and have a pause after it.
    see if that works. if it doesnt, then there's something preventing it in the actual gpo i'd say.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Cisco Complete Network Certification Training

    If you’re an IT engineer or technician, it's time you take your career to the next level. This elite training bundle is brimming with all of the information you need to learn to sit for Cisco CNNA, CCNP, and CCENT certification exams.

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    School is back in session! The beginning of the school year is a fresh slate. One way for students to get started on the right foot is to get organized.
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    933 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now