Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to make Active Directory to save in archive TXT or XML logon/logoff (username, date and time) of each user?

Posted on 2005-03-14
5
Medium Priority
?
426 Views
Last Modified: 2013-12-04
Hello experts!  
How to make Active Directory to save in archive TXT or XML logon/logoff (username, date and time) of each user?

Thanks
Wanderson
0
Comment
Question by:PINWAN
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13537852
If your auditing this in your event log's then it can be easy. With 2003 and Xp pro there is a utility called Wmic.exe that is able to poll various wmi classes and output them into csv,xml,html.

I'm not very good at wmic yet... this doesn't yeild much good info
/output:c:\file1 wmic /namespace:\\root\cimv2 path Win32_NTLogEvent get eventcode /value |find "529" /format:xml.xsl
/append:c:\file1wmic /namespace:\\root\cimv2 path Win32_NTLogEvent get eventcode /value |find "528" /format:xml.xsl

you can play around with
wmic /namespace:\\root\cimv2 path Win32_NTLogEvent get /?
to list the other objects you can query

Here is a script that should work, but the format is text
http://www.microsoft.com/technet/scriptcenter/resources/qanda/jan05/hey0126.mspx
-rich
0
 

Author Comment

by:PINWAN
ID: 13603019
Hi Rich.

Do you can help me. I need to do this give the logins/logoff in the Windows 2000 Server with Active Directory.
I try to run your tip and don't work fine.

Regards,

Wanderson Pin
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13603600
This will pull info off the computer it's run on...

strComputer = "."
Set objWMIService = GetObject("winmgmts:{(Security)}\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
        ("Select * from Win32_NTLogEvent Where Logfile = 'Security' and " _
            & "EventCode = '529'")
For Each objEvent in colEvents
    Wscript.Echo "Category: " & objEvent.Category
    Wscript.Echo "Computer Name: " & objEvent.ComputerName
    Wscript.Echo "Event Code: " & objEvent.EventCode
    Wscript.Echo "Message: " & objEvent.Message
    Wscript.Echo "Record Number: " & objEvent.RecordNumber
    Wscript.Echo "Source Name: " & objEvent.SourceName
    Wscript.Echo "Time Written: " & objEvent.TimeWritten
    Wscript.Echo "Event Type: " & objEvent.Type
    Wscript.Echo "User: " & objEvent.User
Next

If you want to run it on another pc remotely, try this one: (replace "IP_or_DNS_name" with the ip of the server you want the logs from- or use the DNS name of that server)
strComputer = "IP_or_DNS_name"
Set objWMIService = GetObject("winmgmts:{(Security)}\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
        ("Select * from Win32_NTLogEvent Where Logfile = 'Security' and " _
            & "EventCode = '529'")
For Each objEvent in colEvents
    Wscript.Echo "Category: " & objEvent.Category
    Wscript.Echo "Computer Name: " & objEvent.ComputerName
    Wscript.Echo "Event Code: " & objEvent.EventCode
    Wscript.Echo "Message: " & objEvent.Message
    Wscript.Echo "Record Number: " & objEvent.RecordNumber
    Wscript.Echo "Source Name: " & objEvent.SourceName
    Wscript.Echo "Time Written: " & objEvent.TimeWritten
    Wscript.Echo "Event Type: " & objEvent.Type
    Wscript.Echo "User: " & objEvent.User
Next

Copy that to a text file. Rename from .txt to .vbs and run in a command window
cscript /nologo file.vbs   (file.vbs is the name of the .vbs file the above script is located in)
and you'll see the output on the screen to redirect to a file do:
cscript /nologo file.vbs >output.txt
-rich
0
 

Author Comment

by:PINWAN
ID: 13610467
Hi Rich.
Bom dia.

Script that you it sent functioned with event 529 (logon).  Thanks.

How to obtain logoff ?
The event logoff is the 528?  

Another question:  
Is possible to twirl one script similar to script of logon when the user effects logoff?

The question is the following one:
Here in the company, we need to know the worked hours of each employee and think about using the eventos of login/logoff to measure the worked hours.


Thanks again.
Wanderson Pin
From Brazil
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1000 total points
ID: 13611314
You could try to do this- if everyone is logging off when they leave... it'd probably work well. If the employee's know how you've started tracking them, they could leave early and have a co-worker log them off at a later time...

You can use the following modification to the script to get both 529 and 528 (or just run 2 scripts, change 529 to 528 in the second)
(these are lines 3,4 and 5 of the script- line 5 is really all that changes)

Set colEvents = objWMIService.ExecQuery _
        ("Select * from Win32_NTLogEvent Where Logfile = 'Security' and " _
            & "EventCode = '529'" & "EventCode = '528'")

http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/w2k3tr_intlg_tools.asp
-rich
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question