?
Solved

dhcp

Posted on 2011-03-12
11
Medium Priority
?
441 Views
Last Modified: 2012-08-13
management at my company wants me to see what websites people are going to. im using squid with sarg and webmin. the reports in webmin show the sites and the ip addresses that people visit. since i have the ip address - could i match the ip address to a user's login? I have a windows 2003 domain. my domain controller is the dhcp server - and another domain controller takes care of users and computers
0
Comment
Question by:JeffBeall
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 46

Expert Comment

by:Craig Beck
ID: 35117994
You can use the DHCP server to determine what PC a user was logged on to, then filter the Active Directory secutiry event logs to see who was logged on to a PC at a particular time.  This will help you correlate info with the web access logs.
0
 
LVL 1

Expert Comment

by:janvanderwijk
ID: 35117998
netstat -a <ipaddress> could give you the username
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35118096
the dhcp control panel shows only the computer names, which wouldn't help me because the computer names are randomly generated. i tried netstat -a <ipaddress> but it's just showing a bunch of ports that ( i think ) the server is listening on.
0
WordPress Tutorial 2: Terminology

An important part of learning any new piece of software is understanding the terminology it uses. Thankfully WordPress uses fairly simple names for everything that make it easy to start using the software.

 
LVL 46

Expert Comment

by:Craig Beck
ID: 35118142
Sorry, I typo'd my response!  What I meant was...

You can use the DHCP server to determine what IP address was assigned to which PC, then filter the Active Directory secutiry event logs to see who was logged on each PC at a particular time.  This will help you correlate info with the web access logs.

I thnk NBTSTAT will show you who is logged on to a PC, not NETSTAT.
0
 
LVL 1

Assisted Solution

by:janvanderwijk
janvanderwijk earned 664 total points
ID: 35118179
@craigbeck, Yep, typo it is... My bad.... nbtstat -s <ipaddress> should do the trick for a single ipaddress.
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35118227
i tried the nbtstat -a <ipaddress> and nbtstat -s <ipaddress> ; -s didn't seem to work, but nbtstat -a <ipaddress> seemed to work - but i didn't get the login name - it looks like it still is getting the computer name which wouldnt help me.
i went to the security log of the server that has DHCP but i couldn't find the users name i was looking for - i found my login name but it didn't show the ip address of the computer i was on.
0
 
LVL 17

Expert Comment

by:Premkumar Yogeswaran
ID: 35119517
Hi,

To locate the logged on user, a free little command line utility called PSLoggedOn works well:
http://www.sysinternals.com/Utilities/PsLoggedOn.html

Regards,
Prem
0
 
LVL 17

Accepted Solution

by:
Premkumar Yogeswaran earned 668 total points
ID: 35119520
error on above posted link..

check this link to download

http://technet.microsoft.com/en-us/sysinternals/bb897545

Regards,
PRem
0
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 668 total points
ID: 35120955
I found my login name but it didn't show the ip address of the computer i was on.

The security log will only show you computer names, and logged on usernames, so you need to get the computer name from the security log, then check the DHCP server for the computer name.  This will show you the corresponding MAC address and IP address (which is what you get in your web logs).
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35121618
"The security log will only show you computer names, and logged on usernames, so you need to get the computer name from the security log,"

craigbeck - are you saying from the security logges on the server that is running dhcp? or from the domain controller? - i thought it would make more sence if it is on the server running dhcp.
also - i looked in the security logs on the server running dhcp - but i didn't know where to look - for instance - do you filter by a certain criteria?
0
 
LVL 1

Author Closing Comment

by:JeffBeall
ID: 35124578
i found psinfo in the suite of things that are in  psloggedon. i added something in the users login script that uses psinfo, then i find their ip address on the dhcp server. thanks for the help.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month12 days, 17 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question