Solved

Need logon history of RDP clients

Posted on 2007-03-19
Last Modified: 2013-11-21
I've been asked to provide a log-on history, showing when people sign on and off an RDP session.  I know I can see who is logged on at the moment, but don't know of a way to get the usage history?  
Question by:TinaSC
8 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 20 total points
ID: 18750879
You need to set up Auditing. Unfortunately Auditing is not retrospective. See http://www.awprofessional.com/articles/article.asp?p=366893&seqNum=9&rl=1
0
 

Author Comment

by:TinaSC
ID: 18750942
Thanks KCTS.  I have looked at auditing & it seems somewhat cumbersome.  I've looked thru some old postings here & saw one by LEEW giving instructions for writing a script that's stored as a .csv.  I've never written a script before, but since I've come along a lot of solutions requiring a script, I guess it's time to learn.  It's too bad there's no way to go back in time.
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 20 total points
ID: 18752062
There should be Security logs that can be Filtered to show Logon events.

0
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 20 total points
ID: 18752159
or even the use of things like eventcomb will help you a little more with filtering
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 190 total points
ID: 18753925
You can enable auditing, but it is quite time-consuming to filter and extract. Or you could add the lines below to each user's logon script to create a log file for you. It would give you UserName, ComputerName, date and time in a simple single line. As written below, it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:
Log File
Log On:  UserName1 ComputerName1  Fri 09/30/20   8:00  
Log On:  UserName2 ComputerName2  Fri 09/30/20   8:10
Log On:  UserName3 ComputerName3  Fri 09/30/20   8:15
---------------------------------------------------------------------------
:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
---------------------------------------------------------------------------
Note the users will need to have read/write and execute permissions for the \\Server\Logs\LogOns.Log file.
 
If you wish to know logoff times as well you will need to add a script in group policy for logoffs if you don't already have one:
User Configuration | Windows settings | Scripts | Logoff
Here, to add to the same log file, add the following to the logoff script:
----------------------------------------------------------------------------
:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo Log Off:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
----------------------------------------------------------------------------
0
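The log file those two scripts build can be turned into a session list by pairing each "Log On" line with the next "Log Off" line for the same user and computer. The PowerShell below is an added example, not code from this thread: the function names and the sample lines are constructed here, and timestamps are kept as text because the %Date% and %Time% layout depends on the machine's regional settings.

```powershell
# Constructed sample in the layout written by the logon/logoff scripts above.
$sample = @'
Log File
Log On:  UserName1 ComputerName1  Fri 09/30/20   8:00
Log On:  UserName2 ComputerName2  Fri 09/30/20   8:10
Log Off:  UserName1 ComputerName1  Fri 09/30/20  12:05
Log On:  UserName2 ComputerName2  Fri 09/30/20  13:00
Log Off:  UserName3 ComputerName3  Fri 09/30/20  17:30
this line was edited by hand
'@ -split '\r?\n'

function New-SessionRow($User, $Computer, $On, $Off, $Note) {
    [pscustomobject]@{ User = $User; Computer = $Computer; LogOn = $On; LogOff = $Off; Note = $Note }
}

function ConvertTo-LogonSession {
    # Hypothetical helper: pairs each "Log On" with the next "Log Off" for the
    # same user and computer, in file order (the scripts only append).
    param([string[]]$Line)
    $pattern = '^Log (?<kind>On|Off):\s+(?<user>\S+)\s+(?<pc>\S+)\s+(?<stamp>\S.*?)\s*$'
    $open = @{}    # "user|computer" -> row for a Log On that has no Log Off yet
    foreach ($l in $Line) {
        if ($l -match '^\s*(Log File\s*)?$') { continue }      # header or blank line
        if ($l -match $pattern) {
            $kind, $user, $pc = $Matches.kind, $Matches.user, $Matches.pc
            $stamp = $Matches.stamp -replace '\s+', ' '
            $key = "$user|$pc"
            if ($kind -eq 'On') {
                # A second Log On with no Log Off in between: report the earlier one.
                if ($open.ContainsKey($key)) { $open[$key] }
                $open[$key] = New-SessionRow $user $pc $stamp $null 'No Log Off recorded'
            } elseif ($open.ContainsKey($key)) {
                $row = $open[$key]; $open.Remove($key)
                New-SessionRow $row.User $row.Computer $row.LogOn $stamp 'Complete'
            } else {
                New-SessionRow $user $pc $null $stamp 'Log Off without Log On'
            }
        } else {
            New-SessionRow $null $null $null $null "Unparsed line: $l"
        }
    }
    # Still open at end of file: user still logged on, or the logoff script did not run.
    $open.Keys | Sort-Object | ForEach-Object { $open[$_] }
}

ConvertTo-LogonSession -Line $sample | Format-Table -AutoSize
```

Because every user needs write access to the log file, any of them can edit or remove entries, so rows flagged as unparsed or unpaired are worth comparing against the Security log that auditing produces.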
 

Author Comment

by:TinaSC
ID: 18756219
Thanks Rob... I almost get this.  In each user profile, I see the usrlogin.bat file (or something like that).  Is that where you mean I should add the above & if so, how do I find it to edit it for a specific user?  I did a search & only found 2 usrlogin.bat files??  Or do I put it in the logon/off script in the group policy??  Sorry, but I don't think I'm completely interpreting this correctly... new stuff for me...

Also, I saw a posting with this script -
----Logon.cmd----
IFMEMBER "%username%"=="domain\UserMonGroup"
IF ERRORLEVEL 1 echo LOGON %username% %computername% %date% %time% >> \\server\share\logon.log
(My apologies to the author, but I can't remember where I saw this).
If I read that correctly, it goes in the grp policy?
0
 
LVL 77

Accepted Solution

by:Rob Williams
Rob Williams earned 190 total points
ID: 18757063
>> "usrlogin.bat file (or something like that).  Is that where you mean I should add the above"
Yes that is correct.
There doesn't necessarily need to be one logon script for each user. If the users have similar parameters set, they can all use the same one. The logon script is usually located in the NETLOGON share of the domain controller. Specifically:
C:\Windows\SYSVOL\sysvol\<DomainName>\scripts
If not there, or not sure which script is applied, it is applied in one of 2 ways, so you can check there to see the "pointer":
1) In Active Directory, under the user's profile, on the Profile tab, in the logon script box
2) In group policy under User configuration | Windows settings | Scripts | Logon
If you have numerous group policies you may need to run gpresult from the command line of the client's machine while logged on as them to see what policies are applied.

The other script you reference is part of a script that uses the IfMember utility in the Windows Resource Kit to determine if the user is a member of a group (nothing to do with group policy). Often people will write a script that says something like map this drive if the user is a member of this account.

Let us know if you need more help with the script. Glad to “fill in the blanks” for you.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18781562
Thanks again TinaSC.
--Rob
0
