Need logon history of RDP clients

I've been asked to provide a log-on history, showing when people sign on and off an RDP session.  I know I can see who is logged on at the moment, but don't know of a way to get the usage history?  
TinaSCAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian PiercePhotographerCommented:
You need to set up Auditing. Unfortunately Auditing is not restrospective. See http://www.awprofessional.com/articles/article.asp?p=366893&seqNum=9&rl=1
0
TinaSCAuthor Commented:
Thanks KCTS.  I have looked at auditing & it seems somewhat cumbersome.  I've looked thru some old postings here & saw one by LEEW giving instructions for writing a script that's stored as a .csv.  I've never written a script before, but since I've come along a lot of solutions requiring a script, I guess it's time to learn.  It's too bad there's no way to go back in time.
0
Netman66Commented:
There should be Security logs that can be Filtered to show Logon events.

0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Jay_Jay70Commented:
or even the use of things like eventcomb will help you a little more with filtering
0
Rob WilliamsCommented:
You can enable auditing but it is quite time consuming to filter and extract. Or you could add the lines below to each users logon script to create a log file for you. It would give you UserName, ComputerName, date and time in a simple single line  As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:
Log File
Log On:  UserName1 ComputerName1  Fri 09/30/20   8:00  
Log On:  UserName2 ComputerName2  Fri 09/30/20   8:10
Log On:  UserName3 ComputerName3  Fri 09/30/20   8:15
---------------------------------------------------------------------------
:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
---------------------------------------------------------------------------
Note the users will need to have read/write and execute permissions for the \\Server\Logs\LogOns.Log  file.
 
If you wish to know logoff times as well you will need to add a script in group policy for logoffs if you don't already have one:
User Configuration | Windows settings | Scripts | Logoff
Her to add to the same log file, add the following to the logoff script:
----------------------------------------------------------------------------
:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo Log Off:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
0
TinaSCAuthor Commented:
Thanks Rob... I almost get this.  In each user profile, I see the usrlogin.bat file (or something like that).  Is that where you mean I should add the above & if so, how do I find it to edit it for a specific user?  I did a search & only found 2 usrlogin.bat files??  Or do I put it in the logon/off script in the group policy??  Sorry, but I don't think I'm completely interpreting this correctly... new stuff for me...

Also, I saw a posting with this script -
----Logon.cmd----
IFMEMBER "%username%"=="domain\UserMonGroup"
IF ERRORLEVEL 1 echo LOGON %username% %computername% %date% %time% >> \\server\share\logon.log  (My apologies to the author, but I can't remember where I saw this).  
If I read that correctly, it goes in the grp policy?
0
Rob WilliamsCommented:
>>” usrlogin.bat file (or something like that).  Is that where you mean I should add the above”
Yes that is correct.
There doesn't necessarily need to be one logon script for each user. If the users have similar parameters set, they can all use the same one. The logon script is usually located in the NETLOGON share of the domain controller. Specifically:
C:\Windows\SYSVOL\sysvol\<DomainName>\scripts
If not there, or not sure which script is applied, it is applied in one of 2 ways, so you can check there to see the “pointer;
1)In active directory, under the user’s profile, on the profile tab, in the logon script box
2)In group policy under User configuration | Windows settings | Scripts | Logon
If you have numerous group policies you may need to run  gpresult from the command line of the clients machine wile logged on as them to see what policies are applied.

The other script you reference is part of a script that uses the IfMember utility in the Windows Resource kit to determine if the user is a member of a group (nothing to do with group policy). Often people will write a script that say something like map this drive if the user is a member of this account.

Let us know if you need more help with the script. Glad to “fill in the blanks” for you.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rob WilliamsCommented:
Thanks again TinaSC.
--Rob
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.