We help IT Professionals succeed at work.

How to require a login reason on Windows Server 2003?

On Windows servers, when you try to shut down it will request a reason explaining why you have chosen to do so.  I would like to know whether there are any similar utilities to ask for a reason when an administrator logs into a Windows Server (via RDP for example).  We are looking for this to help provide a better audit trail of our activities.
Watch Question

I am not aware of any feature that will do what you are asking.  You can set many different audit logs.  see this site

Top Expert 2013
I have not seen such an add on either. But logging users access to the server is a common question. You may wish to look at the following options:
You can enable detailed auditing and within the configuration, you can configure the systems and successful and/or failed events you wish to audit. Following articles outline how to enable and analyze the results:

However using auditing can be time consuming to filter and extract.

Another option is to add the lines below to each users logon and log off script to create a log file. It would give you UserName, ComputerName, date and time, in a simple single line, followed by the IP from which they connected, if needed. If you wish to know logoff times as well, you can add the same lines to a log off script in group policy (if you don't already have one: User Configuration | Windows settings | Scripts | Logoff). You likely won’t need the last line (IP address) in the log off script.

As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:
Log File

Log On:  jdoe SERVER1  Tue 1/1/2007   9:01

Log Off: jdoe SERVER1  Tue 1/1/2007   9:31

Log On:  jsmith SERVER2  Tue 1/1/2007   11:00

Log Off: jsmith SERVER1  Tue 1/1/2007   11:30

If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
Echo. >> "\\Server\Logs\LogOns.Log"
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,16%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"

Note the users will need to have read/write and execute permissions for the \\Server\Logs\LogOns.Log  file.


Thanks guys.  Looks like I will not find exactly what I am looking for but there are other ways to address this.