Solved

dhcp

Posted on 2011-03-12
Last Modified: 2012-08-13
Management at my company wants me to see what websites people are going to. I'm using Squid with SARG and Webmin. The reports in Webmin show the sites and the IP addresses that people visit. Since I have the IP address, could I match the IP address to a user's login? I have a Windows 2003 domain. My domain controller is the DHCP server, and another domain controller takes care of users and computers.
Question by:JeffBeall

Expert Comment

by:Craig Beck
ID: 35117994
You can use the DHCP server to determine what PC a user was logged on to, then filter the Active Directory security event logs to see who was logged on to a PC at a particular time. This will help you correlate info with the web access logs.

Expert Comment

by:janvanderwijk
ID: 35117998
netstat -a <ipaddress> could give you the username

Author Comment

by:JeffBeall
ID: 35118096
The DHCP control panel shows only the computer names, which wouldn't help me because the computer names are randomly generated. I tried netstat -a <ipaddress> but it's just showing a bunch of ports that (I think) the server is listening on.

Expert Comment

by:Craig Beck
ID: 35118142
Sorry, I typo'd my response! What I meant was...

You can use the DHCP server to determine what IP address was assigned to which PC, then filter the Active Directory security event logs to see who was logged on each PC at a particular time. This will help you correlate info with the web access logs.

I think NBTSTAT will show you who is logged on to a PC, not NETSTAT.

Assisted Solution

by:janvanderwijk
janvanderwijk earned 166 total points
ID: 35118179
@craigbeck, Yep, typo it is... My bad.... nbtstat -s <ipaddress> should do the trick for a single ipaddress.

Author Comment

by:JeffBeall
ID: 35118227
I tried the nbtstat -a <ipaddress> and nbtstat -s <ipaddress>; -s didn't seem to work, but nbtstat -a <ipaddress> seemed to work. But I didn't get the login name. It looks like it is still getting the computer name, which wouldn't help me.
I went to the security log of the server that has DHCP but I couldn't find the user's name I was looking for. I found my login name but it didn't show the IP address of the computer I was on.

Expert Comment

by:Premkumar Yogeswaran
ID: 35119517
Hi,

To locate the logged on user, a free little command line utility called PSLoggedOn works well:
http://www.sysinternals.com/Utilities/PsLoggedOn.html

Regards,
Prem

Accepted Solution

by:
Premkumar Yogeswaran earned 167 total points
ID: 35119520
error on above posted link..

check this link to download

http://technet.microsoft.com/en-us/sysinternals/bb897545

Regards,
PRem

Assisted Solution

by:Craig Beck
Craig Beck earned 167 total points
ID: 35120955
"I found my login name but it didn't show the IP address of the computer I was on."

The security log will only show you computer names, and logged on usernames, so you need to get the computer name from the security log, then check the DHCP server for the computer name.  This will show you the corresponding MAC address and IP address (which is what you get in your web logs).

Author Comment

by:JeffBeall
ID: 35121618
"The security log will only show you computer names, and logged on usernames, so you need to get the computer name from the security log,"

craigbeck - are you saying from the security logs on the server that is running DHCP, or from the domain controller? I thought it would make more sense if it is on the server running DHCP.
Also, I looked in the security logs on the server running DHCP, but I didn't know where to look. For instance, do you filter by a certain criteria?

Author Closing Comment

by:JeffBeall
ID: 35124578
I found psinfo in the suite of things that are in psloggedon. I added something in the user's login script that uses psinfo, then I find their IP address on the DHCP server. Thanks for the help.
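
The correlation this thread arrives at (web log IP, to DHCP lease, to computer name, to logged-on user), as an added example that is not part of the original thread. The lease and logon record layouts, the computer names and the user names are assumptions constructed for illustration; only the Squid native log layout is a real format. Because DHCP can hand the same IP to a different PC later, each lookup is time-aware:

```python
import bisect
from collections import defaultdict

# Constructed sample data. Squid native format: time elapsed client code size method URL ...
SQUID_LOG = """\
1299931200.101    245 10.0.0.50 TCP_MISS/200 1234 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1299938400.552    120 10.0.0.50 TCP_MISS/200 880 GET http://example.org/ - DIRECT/192.0.2.20 text/html
1299938500.000     90 10.0.0.99 TCP_MISS/200 512 GET http://example.net/ - DIRECT/192.0.2.30 text/html
"""
# Assumed layout: (lease start epoch, IP, computer name) exported from the DHCP server.
LEASES = [(1299920000, "10.0.0.50", "PC-X7Q2"), (1299935000, "10.0.0.50", "PC-K9M4")]
# Assumed layout: (logon epoch, computer name, user) from a logon script or the security log.
LOGONS = [(1299930000, "PC-X7Q2", "alice"), (1299936000, "PC-K9M4", "bob")]


def build_index(records):
    """Group (epoch, key, value) records by key, each group sorted by time."""
    index = defaultdict(list)
    for epoch, key, value in sorted(records):
        index[key].append((epoch, value))
    return index


def latest_before(index, key, when):
    """Value of the newest record for `key` at or before `when`, or None."""
    entries = index.get(key, [])
    pos = bisect.bisect_right([epoch for epoch, _ in entries], when)
    return entries[pos - 1][1] if pos else None


def attribute(squid_text, leases, logons):
    """Return (epoch, ip, computer, user, url) for each Squid log line."""
    lease_idx, logon_idx = build_index(leases), build_index(logons)
    rows = []
    for line in squid_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or blank lines
        when, ip, url = float(fields[0]), fields[2], fields[6]
        computer = latest_before(lease_idx, ip, when)  # which PC held the IP then
        user = latest_before(logon_idx, computer, when) if computer else None
        rows.append((int(when), ip, computer, user, url))
    return rows


if __name__ == "__main__":
    for row in attribute(SQUID_LOG, LEASES, LOGONS):
        print(row)
```

All three sources must be in the same time base (Squid writes UTC epoch seconds), and the sketch does not model logoff or lease expiry, so a row only says who logged on most recently before the request.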