
Monitoring login and outs?

Posted on 2007-08-01
Last Modified: 2010-04-12
Hello,

I was wondering, as network admin, is there a way that I can see who is currently logged into our network? And, more importantly, who is logged in via VPN? I use a Cisco Pixbox for the VPN connection. There are only two user accounts assigned to it and, apparently, everyone shares the same username/password. So, is there a way for me to monitor activity? Cheers!
Question by:bbiit
 
LVL 8

Expert Comment

by:thenone
ID: 19612654
One way is to go to the DC. Click on Administrative Tools and go to Computer Management. In Computer Management click on Sessions and you will see every person who is logged onto the network from that DC.
 

Author Comment

by:bbiit
ID: 19612717
thenone:

Thanks, but I don't see "sessions" anywhere under computer management. Am I missing something? Maybe I'm looking in the wrong place. I'm pretty green at this stuff. Could you elaborate please? Cheers!
 
LVL 8

Accepted Solution

by:
thenone earned 500 total points
ID: 19612733
My mistake. Open Computer Management, then Shared Folders, and then Sessions.

Author Comment

by:bbiit
ID: 19612765
thenone,

Cool. One follow-up question. I noticed there are people who are listed more than once, and some that are listed up to 4 times. Are those how many login and outs for the day?
 
LVL 8

Expert Comment

by:thenone
ID: 19612824
What does the computer name say? If it is two different IP addresses, then that could mean they are logged in with two different computers.
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19613227
A few more options:
-Sysinternals offers a free tool to show who is logged on to a given machine, or what machines a user is logged on to:
http://www.microsoft.com/technet/sysinternals/SystemInformation/PsLoggedOn.mspx

-You can enable detailed auditing and, within the configuration, you can configure the systems and the successful and/or failed events you wish to audit. The following articles outline how to enable and analyze the results:
http://support.microsoft.com/kb/814595/
http://www.windowsecurity.com/articles/Understanding_Windows_Logging.html
http://207.46.19.60/technet/prodtechnol/windows2000serv/maintain/monitor/logevnts.mspx
However, using auditing can be time consuming to filter and extract.

-Another option is to add the lines below to each user's logon script to create a log file. It would give you UserName, ComputerName, date and time, in a simple single line, followed by the IP from which they connected, if needed. If you wish to know logoff times as well, you can add the same lines to a logoff script in group policy (if you don't already have one: User Configuration | Windows settings | Scripts | Logoff). You likely won't need the last line (IP address) in the logoff script.

As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:
Log File

Log On:  jdoe SERVER1  Tue 1/1/2007   9:01
  TCP    10.0.1.100:3389        66.66.123.123:1234        ESTABLISHED
 
Log Off: jdoe SERVER1  Tue 1/1/2007   9:31

Log On:  jsmith SERVER2  Tue 1/1/2007   11:00
  TCP    10.0.1.200:3389        66.66.123.124:1234        ESTABLISHED
 
Log Off: jsmith SERVER1  Tue 1/1/2007   11:30
---------------------------------------------------------------------------

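:Logging
REM Create the log file with a header line on first use
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
REM Append a blank line, then user, computer, date and time
Echo. >> "\\Server\Logs\LogOns.Log"
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,16%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
REM Append established connections involving port 3389 (remote desktop)
netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"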

---------------------------------------------------------------------------
Note the users will need to have read/write and execute permissions for the \\Server\Logs\LogOns.Log  file.

Keep in mind none of these tell you if someone has connected to the VPN, only if they have logged on to a computer.
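
Added example (not part of the thread or of any poster's script): a Python parser for the LogOns.Log format shown in the answer above, which pairs Log On and Log Off entries and lists remote desktop peers that come from outside the internal address ranges. The function names, the RFC 1918 "internal" definition, the US-style date format and the sample lines are assumptions made for this example.

```python
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumption: RFC 1918 ranges count as "internal"; adjust to your addressing plan.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EVENT = re.compile(r"^Log (On|Off):\s+(\S+)\s+(\S+)\s+\w{3}\s+(\S+)\s+(\d{1,2}:\d{2})")
CONN = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+(\S+):\d+\s+ESTABLISHED", re.I)

def parse_sessions(text):
    """Pair Log On/Log Off entries per (user, computer) and attach RDP peers."""
    sessions, open_by_key, last_on = [], {}, None
    for line in text.splitlines():
        ev, conn = EVENT.match(line), CONN.match(line)
        if ev:
            kind, user, host, date, hhmm = ev.groups()
            # Assumption: US-style M/D/YYYY from %Date%; the format is locale dependent.
            when = datetime.strptime(f"{date} {hhmm}", "%m/%d/%Y %H:%M")
            key = (user.lower(), host.upper())
            if kind == "On":
                last_on = {"user": user, "computer": host, "on": when, "off": None, "peers": []}
                open_by_key[key] = last_on
                sessions.append(last_on)
            else:
                # Close the matching open session; an unmatched Log Off is ignored.
                last_on = None
                open_by_key.pop(key, {})["off"] = when
        elif conn and last_on is not None:
            local_port, peer = conn.groups()
            # find "3389" also matches 33890 or outbound RDP; keep only local port 3389.
            if local_port == "3389":
                last_on["peers"].append(peer.strip("[]"))
    return sessions

def external_logons(sessions):
    """Return (user, computer, peer) for RDP peers outside the internal ranges."""
    return [(s["user"], s["computer"], p) for s in sessions for p in s["peers"]
            if not any(ip_address(p) in net for net in INTERNAL)]

# Constructed sample in the log format shown in the answer (documentation IP range).
SAMPLE = """Log On:  jdoe SERVER1  Tue 1/2/2007   9:01
  TCP    10.0.1.100:3389        203.0.113.7:1234        ESTABLISHED
  TCP    10.0.1.100:49152       10.0.1.50:3389          ESTABLISHED
Log Off: jdoe SERVER1  Tue 1/2/2007   9:31
Log On:  jsmith SERVER2  Tue 1/2/2007  11:00
  TCP    10.0.1.200:3389        10.0.1.77:2345          ESTABLISHED
"""

if __name__ == "__main__":
    print(external_logons(parse_sessions(SAMPLE)))
```

Because the logon script requires every user to have write access to the log file, treat the file as a convenience record rather than tamper-resistant evidence.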