Reverse IP addresses into accounts?

Our internet usage monitor (Win2k server, built in logging) usually lists usage under IP addresses, not user account names. I would like either one of the following:

1. Convince W2k server that it should log usernames instead of IP addresses - probably a really simple setting I've missed
or
2. A program which, given an IP address, returns the user logged on at that address ("currently" is sufficient as our IP addresses, although dynamic, rarely change).

Thanks

Geoff M.
LVL 8
gmayoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mdiglioCommented:
Hello,
If you wanted to use number 2 this script should accomplish that.

copy and paste the code below into a notepad file and save it
with a .vbs extension

'!!!Begin Copy !!!

strcomputer = InputBox("Input IP Address","IP2User")

If Ping(strComputer) Then

        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
        Set colItems = objWMIService.ExecQuery("Select UserName from Win32_ComputerSystem", , 48)
            For Each objitem In colItems
             struser = objitem.username
                 wscript.echo objitem.username
            Next
            'If computer is on but no one logged in
            If strUser = "" Then
                wscript.echo"Computer is at the Ctrl-Alt-Del Screen"
            End If
       Else
            wscript.echo "Copmputer is OFF"
    End If


Function Ping(strComputer)

Dim sHost       'name of Windows XP computer from which the PING command will be initiated
Dim sTarget     'name or IP address of remote computer to which connectivity will be tested
Dim cPingResults    'collection of instances of Win32_PingStatus class
Dim oPingResult     'single instance of Win32_PingStatus class

sHost = "."

Set cPingResults = GetObject("winmgmts:{impersonationLevel=impersonate}//" & _
        sHost & "/root/cimv2").ExecQuery("SELECT * FROM Win32_PingStatus " & _
        "WHERE Address = '" + strComputer + "'")

    For Each oPingResult In cPingResults
        If oPingResult.StatusCode = 0 Then
        Ping = True
          Else
        End If
     
Next
end function

'!!!!End Copy !!!

Good Luck and let us know how it goes
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
browolfCommented:
you can also record who's logged on where in a login script.
1. create a hidden share on a server where everyone has write permission
2. in logon script do

for /f "tokens=1,2 delims=:" %%a in ('ipconfig ^| find "IP Address"') do set ip=%%b
for /f "tokens=1,2,3 delims=/" %%a in ('date /t') do set date=%%a%%b%%c
for /f "tokens=1,2 delims=:" %%a in ('time /t') do set time=%%a%%b
echo %date%-%time%-%username% >> \\server\share$\%ip%.txt

this will create a permanent record of who's logged in when for each ip address.

0
gmayoAuthor Commented:
The IP lookup works on my PC but doesn't on the server! Claims a syntax error.

I tried putting the code in the logon script, but this doesn't seem to get executed. Well, ip.txt never gets created at the location defined.

Any other ideas?
Thanks

Geoff M.
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

browolfCommented:
do you have the logon script running visibly? if you change the last line to
echo %date%-%time%-%username%-%ip%

it should show up on the screen.
when i get back to work next week, i'll have a go with that code myself in our login script.  it's the sort of thing i could do with ;-)
0
gmayoAuthor Commented:
I remember we used to get a DOS window flash up on logging in, which I assume was the login script. However, these days we don't see it. I checked my profile to make sure it was in there, which it is. I'll try putting something obvious in there, like MOREing the contents of a large text file!

Geoff M.
0
browolfCommented:
Well you can make it run hidden with group policy which is actually how you really want it but then it's not very helpful for debugging.
0
browolfCommented:
the problem seems to be that the ip has a space infront of it.
so set ip= 192.168.0.8    fails.

am working on a solution.
0
browolfCommented:
got it working for me by doing:

for /f "tokens=1,2* delims=.: " %%a in ('ipconfig ^| find "IP Address"') do set ip=%%c
for /f "tokens=1,2,3* delims=/ " %%a in ('date /t') do set date=%%b%%c%%d
for /f "tokens=1,2 delims=:" %%a in ('time /t') do set time=%%a%%b
echo %date%%time%%username% >> \\server\logs$\pupil\%ip%.txt
0
browolfCommented:
hmm it seems to echo it twice for no apparent reason
0
browolfCommented:
what i'm going to do next, for me personally,  is write a wsh script that will read the logs files and  insert the information into a mysql database. I already have a similar system that logs and adds ip to computername lookup.
It'll be easy enought to ignore every other line

And then after that write some php that allows me to interrogate it.
0
gmayoAuthor Commented:
Any progress?

Geoff M.
0
browolfCommented:
it was echoing twice because we had the login script defined in the group policy and the profile of the user. ie it was running twice. a legacy from NT. now i've  sorted that out it echos only once. does it work for you now?
0
gmayoAuthor Commented:
Well, no as the script doesn't seem to run at all! However, this does suggest that a more pressing problem lies elsewhere, preventing me testing your code. I'll take another look tomorrow.

Thanks

Geoff M.
0
browolfCommented:
i'd create a test OU with a test user with a test gpo and a test login script and put the log cmds in and have a pause after it.
see if that works. if it doesnt, then there's something preventing it in the actual gpo i'd say.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.