loral

Need to have a log of users logging into a Windows 2000 Server / Domain

Hello,

I *do* know this question has been asked, but I want to see if there is any updated method or better way.

What I need is a way to log every time a user logs into our domain on a Windows 2000 server, with user name, date & time; and if possible, what time they log off.

I found this script yesterday here on E-E:

//*
for /f "Tokens=1-4 Delims=/ " %%i in ('date /t') do set dt=%%i-%%j-%%k-%%l
set dtt=%dt%
echo %username% log into %logonserver% at %time% %date% >> \\lri-server\logs\%dtt%.log
*//

This script only works if you are logging on the server directly.  I need the logs to be stored on the server, not on the workstation.

One reason I need this information is to know if a user is coming into the office after hours, what time they were on the network and when they logged out.

Obviously, I need the log to be appended so that each new user is added to the list, not a new list created.

Thanks for your help.....
Loral
Dark_King

Set up a policy to run script on login and logout.

Save the log to the 2000 Server on a public share with no Read and Filescan.

===Login.bat===
@echo off
echo Log In %Date% %TIME% %NWUSERNAME% >> \\2000Server\USER\share\log\PC\%COMPUTERNAME%.log
echo Log In %Date% %TIME% %COMPUTERNAME% >> \\2000Server\USER\share\log\USER\%NWUSERNAME%.log
exit


===Logout.bat===
@echo off
echo Log Out %Date% %TIME% %NWUSERNAME% >> \\2000Server\USER\share\log\PC\%COMPUTERNAME%.log
echo Log Out %Date% %TIME% %COMPUTERNAME% >> \\2000Server\USER\share\log\USER\%NWUSERNAME%.log
exit

"Obviously, I need the log to be appended so that each new user is added to the list, not a new list created."
Sorry..

Set up a policy to run script on login and logout.

Save the log to the 2000 Server on a public share with no Read and Filescan.

===Login.bat===
@echo off
echo Log In %Date% %TIME% %NWUSERNAME% >> \\2000Server\USER\share\log\PC.log
echo Log In %Date% %TIME% %COMPUTERNAME% >> \\2000Server\USER\share\log\USER.log
exit


===Logout.bat===
@echo off
echo Log Out %Date% %TIME% %NWUSERNAME% >> \\2000Server\USER\share\log\PC.log
echo Log Out %Date% %TIME% %COMPUTERNAME% >> \\2000Server\USER\share\log\USER.log
exit

ASKER

Hi D.K.

OK,  here's what I've tried so far.

I went into Active Directory
I right clicked on my domain
I chose Properties
I clicked Group Policy
I clicked Add
I created a Policy and named it "Login and Logout Logs"
Under the User Configuration, I clicked the + by Windows Settings
I clicked on Scripts (Logon/Logoff)
I double clicked both the Logon and Logoff in the right pane and pointed them to the logon.bat & logoff.bat respectively.
After closing up the console and AD, etc.  I ran a test logon from a workstation.

I'm not getting any logging.  I tried numerous users, and the same results.  Obviously, I edited the path from your script above to point to my server name, and location to my shared folder, but otherwise copied & pasted your script into the Logon.bat & Logoff.bat I created.

Any ideas where I went wrong?

Thanks
Loral

Try first to set up this policy on a local XP computer. If you get this working, you have to make the policy distribute to your workstation when you log in to your domain server.

I use NetWare and don’t know how to set up policy on a Win2000 server.

Are you sure the policy is working? Use “gpresult /V” to see if you get the policy from your domain server.

You can use “GPUpdate /Force” to force the policy out.

If you don’t use GP in your domain, you can ask an Expert here how to set up GP on a 2000 domain server.

I found this: http://msmvps.com/blogs/kwsupport/archive/2005/02/24/36942.aspx
Don’t know if this helps, but you can try.
Rename Logon.bat & Logoff.bat to Logon.cmd & Logoff.cmd
and change the GP to the new name.


ASKER

Hey D.K.

I made a new Group Policy, and it wasn't working.   So, I deleted that policy and just edited the Default Group Policy that was there, and used the same steps as above.

I put the lines you sent  in a logon.bat and logoff.bat file yesterday.   Since yesterday, it did create a pc.log file, and the only thing logged out of 20 users is this:

Log In Wed 04/26/2006 16:42:50.51  
Log In Thu 04/27/2006  9:31:42.06

Both of these entries would be me logging into the server over Term Services into the server.  So, none of the workstations are being logged.

OK, with that said, are you saying I need to make the logon.bat & logoff.bat and append the GP on each workstation?  I was hoping I could just do this on the Server, but it will be a little extra work to put on each workstation, but not impossible.

Thanks again

Loral

No, you don't have to put the policy on all workstations; you need the workstations to read the policy from the 2000 domain server.
Type "set" inside "cmd" from a workstation and see your variables.
See if you have NWUSERNAME and COMPUTERNAME.
You say
“Both of these entries would be me logging into the server over Term Services into the server.  So, none of the workstations are being logged.”

If this is true, you have set this policy locally on this server; you should set this policy to your domain and to a user group or users.

Start with something simple: change some small stuff, like pushing out control panel settings, and work with that until you see it working on a workstation.

I’m not an NT expert on policy, but I believe you have to set your workstation to log in to this domain to get the policy from the server.

ASKER

Hi again,

You're on the right track.

All users do log into a domain.  No one but the admin account can logon to the machine on a local account.  All accounts are roaming profiles.

Here are the results of the "set" command from a workstation.  I logged on as a regular user with power user privileges:

C:\>set
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\cburke\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LISA
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=U:
HOMEPATH=\
HOMESHARE=\\Lri-server\users\cburke
LOGONSERVER=\\LRI-SERVER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\WINNT\Command
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\cburke\LOCALS~1\Temp
TMP=C:\DOCUME~1\cburke\LOCALS~1\Temp
USERDNSDOMAIN=<our domain>.com    <--- replaced, was listed correctly
USERDOMAIN=<our domain>   <--- replaced, was listed correctly
USERNAME=cburke
USERPROFILE=C:\Documents and Settings\cburke
windir=C:\WINNT

I see I have the Computer name, and is listed correctly, but I don't show NWUSERNAME, just USERNAME.

As I said before, the only GP that was listed was a Default Group Policy.  I edited it to point to the logon & logoff.bat.

Thanks,
Loral

“All users do log into a domain”
Are you applying this policy to this domain and user or group you tested?

"I see I have the Computer name, and is listed correctly, but I don't show NWUSERNAME, just USERNAME."
Then you can change %NWUSERNAME% to %USERNAME%

You can type "echo Log In %Date% AT %TIME% AS %USERNAME% ON %COMPUTERNAME%"
to see it work.

To log users logging in/out this will work, but to get your policy up and running you need to search the internet or ask an expert on
https://www.experts-exchange.com/Networking/Microsoft_Network/
You could redirect this new question there; then an expert will know what you need.

I can search but I can’t test; I have no Windows server.

If you get this GP working, your life will be easy: all local settings in your network are set from the server, and all things you don’t want users to change are possible to set.

If you are low on points, you could ask support to lower this question to 250 points and use the rest for a new question.
What I figured out is you can’t use gpedit directly; you should use MMC and add
“Active directory users and computers”; from this you should set the GPO.

ASKER

I'll give those a shot.  I'm a premium member, so points are not an issue.  I raised the points to 500 to keep you interested in continuing to help me out. I would add more, but 500 seems to be the limit.

I used the echo Log In %Date% AT %TIME% AS %USERNAME% ON %COMPUTERNAME%  on my workstation and it does report the correct information.

I'm trying to apply this to the domain.  What I'm doing, and my apologies if this isn't correct: I'm opening up AD, right clicking on my domain, I choose Properties from this menu, I click the Group Policy tab, I show "Current Group Policy Objects Links for <mydomain>". In the white box area where a list of GPs would be listed, I have one:  Default Domain Policy.   I click "Edit", and the GP Console opens.  Under "User Configuration" I am clicking the + by Windows Settings, then I click on "Scripts (Logon/Logoff)".  In the right panel, I click the logon & logoff respectively and point them to the logon & logoff.bat files I put in the folders in the winnt\sysvol\... etc. folders.

On adding a GP, I did go to the run command and typed mmc /a and created a new GP, and it does show up using the same method in the previous paragraph, and did the same thing, but it didn't even log the administrator logging in or out.

Oh well, I always seem to have the challenges.  Thanks!

Loral

Don’t know if this is the right way, but test this.

Put this bat file on a shared folder that the workstation user has the right to read,
and then in the policy set this same path (\\servername\sharename\login.bat)

Did you test any other policy, like Display properties or Control Panel settings,
just to see if some GPO will go out to your workstations?
Try some simple GPO like disabling “display settings”.
ASKER CERTIFIED SOLUTION
Dark_King


ASKER

Hi again D.K.

Sorry I haven't been in here for a few days, but other duties called.

I'm printing that document you sent the link to now.  I should have some time this afternoon to try your other suggestions also.

Thanks!
Loral
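
Added example, not part of the thread and not any participant's code: a Python sketch that reads lines in the layout of the test command confirmed above (Log In %Date% AT %TIME% AS %USERNAME% ON %COMPUTERNAME%), pairs logons with logoffs, rejects lines where a variable expanded to nothing (as happened with %NWUSERNAME%), and flags after-hours sessions. The matching "Log Out" line, the 07:00 to 18:00 office hours, the US date layout and the sample entries are assumptions.

```python
import re
from datetime import datetime, time

# Layout assumed from the thread's test command (US date locale):
#   echo Log In %Date% AT %TIME% AS %USERNAME% ON %COMPUTERNAME%
# and an assumed matching "Log Out" line written by the logoff script.
LINE = re.compile(r"^Log (In|Out) \w{3} (\d{2}/\d{2}/\d{4}) AT\s+"
                  r"(\d{1,2}:\d{2}:\d{2})\.\d{2} AS (.*?) ON (\S*)\s*$")
WORK_START, WORK_END = time(7, 0), time(18, 0)  # assumed office hours

# Constructed sample: cburke/LISA appear in the thread, jdoe/PC07 are made up.
SAMPLE = [
    "Log In Wed 04/26/2006 AT  8:58:03.11 AS cburke ON LISA ",
    "Log Out Wed 04/26/2006 AT 17:02:40.90 AS cburke ON LISA ",
    "Log In Wed 04/26/2006 AT 22:14:09.37 AS cburke ON LISA ",
    "Log Out Wed 04/26/2006 AT 23:40:51.02 AS cburke ON LISA ",
    "Log In Thu 04/27/2006 AT  9:31:42.06 AS  ON LISA ",  # unset variable
    "Log In Sat 04/29/2006 AT 10:05:00.00 AS jdoe ON PC07 ",
]

def parse(line):
    # Returns (event, timestamp, user, pc); None if a field is missing.
    m = LINE.match(line)
    if not m or not m.group(4) or not m.group(5):
        return None
    ts = datetime.strptime(f"{m.group(2)} {m.group(3)}", "%m/%d/%Y %H:%M:%S")
    return m.group(1), ts, m.group(4).lower(), m.group(5).upper()

def off_hours(ts):
    return ts.weekday() >= 5 or not WORK_START <= ts.time() < WORK_END

def sessions(lines):
    # Pair each Log In with the next Log Out for the same (user, pc).
    pending, done, rejected = {}, [], []
    for line in lines:
        rec = parse(line)
        start = pending.pop(rec[2:], None) if rec else None
        if rec is None or (rec[0] == "Out" and start is None):
            rejected.append(line)  # missing field, or logoff with no logon
        elif rec[0] == "Out":
            done.append(rec[2:] + (start, rec[1]))
        else:
            if start:  # earlier logon was never closed
                done.append(rec[2:] + (start, None))
            pending[rec[2:]] = rec[1]
    done += [key + (start, None) for key, start in pending.items()]
    return done, rejected

def flagged(lines):
    return [s for s in sessions(lines)[0]
            if off_hours(s[2]) or (s[3] is not None and off_hours(s[3]))]
```

Because every user must be able to append to the share, these entries are self-reported; treat them as a convenience record rather than tamper-proof evidence.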