?
Solved

Who logged into the windows 2003 server and when.

Posted on 2009-04-02
4
Medium Priority
?
492 Views
Last Modified: 2013-12-05
I need a tool or preferably a vb script that will report to me who logged into a windows 2003 server, when and from which IP address. I want to run this script against five servers once a day and get a report of who has logged into the servers from RDP & console within the past 24 hours. I have full domain admin access but no clue how to achieve this.

Is this possible? i see a bunch of stuff in the event viewer but deciphering it is a nightmare. There must be a better way!?!?
0
Comment
Question by:MoogControls
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 3

Expert Comment

by:maniksaha
ID: 24048364
Please follow the steps to achieve your GOAL.

This is a great little batch file that enables an admin to keep a log of where, when and what computer user log on to and when they log off.
1.       Set up a Share on the network.
The batch file is actually two files. One runs at user log on and one runs at useer log off. When the batch files run, they create a rolling log file with the details in a shared network folder.
1) Create a shared folder on the network. Mine is called Logs. Everyone should have full access to this share.
2) In that folder, create a folder called User and a folder called computer.       
2.       Create the batch files.
Copy and Paste the following into two separate text files. When you save them, remember to change the file type to .bat
Name: Log On.bat
rem The following line creates a rolling log file of usage by workstation
echo Log In %Date% %TIME% %USERNAME% >> \\servername\Logs\Computer\%COMPUTERNAME%.log
rem The following line creates a rolling log file of usage by user
echo Log In %Date% %TIME% %COMPUTERNAME% >> \\servername\Logs\User\%USERNAME%.log
Name: Log Off.bat
rem The following line creates a rolling log file of usage by workstation
echo Log Off %Date% %TIME% %USERNAME% >> \\servername\Logs\Computer\%COMPUTERNAME%.log
rem The following line creates a rolling log file of usage by user
echo Log Off %Date% %TIME% %COMPUTERNAME% >> \\servername\Logs\User\%USERNAME%.log
Put these files in the Logs folder.      
3.       Add the batch files to group policy.
You do this on your User Container GPO.
User Configuration > Windows Settings > Scripts
Add Log In.bat to the Logon scripts box and Log Off.bat to the Logoff scripts box      


Ref: http://community.spiceworks.com/how_to/show/82

Hope it will help u, plz check and revert
0
 

Author Comment

by:MoogControls
ID: 24048434
Thanks maniksaha, I was hoping to achieve my goal using the data from the event viewer. As it is the enterprise admins, and domain admins from other domains that i am trying to track. Because it is another domain i cannot edit their domain GPO. Any ideas?
0
 
LVL 8

Expert Comment

by:JustWorking
ID: 24055423
MooqControls,

I understand you are looking to extract this data from the Even Viewer howerver here is something I have used. It is vbscript that will write a text file (same locatoin as the vbs) with user, computer and run time. I placed this in my server start up menus so it runs at every login and appends to the file. The logged text file will look like this:

Current Date: ,Thursday, April 02, 2009 @ 6:51:40 PM
Current User: ,DomainName\username
Computer Name: ,Servername

Then I would check the text file once a day to view the logins and keep the text file for reference.

JW
Set oNet = CreateObject("WScript.Network")
Set oFS = CreateObject("Scripting.FileSystemObject")
Set oWS = CreateObject("Wscript.Shell")
 
sCurrentUser = oNet.UserName
sDomain = oNet.UserDomain
sComputer = oNet.ComputerName
 
sScriptName = WScript.ScriptName
sScriptPath = WScript.ScriptFullName
sLog = Replace(sScriptName, ".vbs", ".log")
sLogFile = Replace(sScriptPath, sScriptName, sLog)
 
Set oLogFile = oFS.OpenTextFile(sLogFile, 8, True)
 
 
Function CurrentDateTime()
	CurrentDateTime = FormatDateTime(now, vbLongDate) & " @ " & FormatDateTime(now, vbLongTime)
End Function
 
	oLogFile.WriteLine "Current Date: " & "," & CurrentDateTime
	oLogFile.WriteLine "Current User: " & "," & sDomain & "\" & sCurrentUser
	oLogFile.WriteLine "Computer Name: " & "," & sComputer
	oLogFile.WriteLine VbCrLf

Open in new window

0
 

Accepted Solution

by:
MoogControls earned 0 total points
ID: 24107581
Thank you both for your suggestions.

We have decided to purchase a product from GFI called Event Manager. It is a bit expensive approx £170 per monitored server but it looks like it make good sense of all messages the event log.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses
Course of the Month15 days, 15 hours left to enroll

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question