We help IT Professionals succeed at work.

How to require a login reason on Windows Server 2003?

On Windows servers, when you try to shut down it will request a reason explaining why you have chosen to do so.  I would like to know whether there are any similar utilities to ask for a reason when an administrator logs into a Windows Server (via RDP for example).  We are looking for this to help provide a better audit trail of our activities.
Comment
Watch Question

Commented:
I am not aware of any feature that will do what you are asking.  You can set many different audit logs.  see this site

http://www.windowsecurity.com/articles/Windows-Active-Directory-Auditing.html
Top Expert 2013
Commented:
I have not seen such an add on either. But logging users access to the server is a common question. You may wish to look at the following options:
You can enable detailed auditing and within the configuration, you can configure the systems and successful and/or failed events you wish to audit. Following articles outline how to enable and analyze the results:
http://support.microsoft.com/kb/814595/
http://www.windowsecurity.com/articles/Understanding_Windows_Logging.html
http://207.46.19.60/technet/prodtechnol/windows2000serv/maintain/monitor/logevnts.mspx

However using auditing can be time consuming to filter and extract.

Another option is to add the lines below to each users logon and log off script to create a log file. It would give you UserName, ComputerName, date and time, in a simple single line, followed by the IP from which they connected, if needed. If you wish to know logoff times as well, you can add the same lines to a log off script in group policy (if you don't already have one: User Configuration | Windows settings | Scripts | Logoff). You likely won’t need the last line (IP address) in the log off script.

As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:
Log File

Log On:  jdoe SERVER1  Tue 1/1/2007   9:01
  TCP    10.0.1.100:3389        66.66.123.123:1234        ESTABLISHED

Log Off: jdoe SERVER1  Tue 1/1/2007   9:31

Log On:  jsmith SERVER2  Tue 1/1/2007   11:00
  TCP    10.0.1.200:3389        66.66.123.124:1234        ESTABLISHED

Log Off: jsmith SERVER1  Tue 1/1/2007   11:30
---------------------------------------------------------------------------

:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo. >> "\\Server\Logs\LogOns.Log"
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,16%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"

---------------------------------------------------------------------------
Note the users will need to have read/write and execute permissions for the \\Server\Logs\LogOns.Log  file.

Author

Commented:
Thanks guys.  Looks like I will not find exactly what I am looking for but there are other ways to address this.