?
Solved

dhcp

Posted on 2011-03-12
11
Medium Priority
?
448 Views
Last Modified: 2012-08-13
management at my company wants me to see what websites people are going to. im using squid with sarg and webmin. the reports in webmin show the sites and the ip addresses that people visit. since i have the ip address - could i match the ip address to a user's login? I have a windows 2003 domain. my domain controller is the dhcp server - and another domain controller takes care of users and computers
0
Comment
Question by:JeffBeall
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 47

Expert Comment

by:Craig Beck
ID: 35117994
You can use the DHCP server to determine what PC a user was logged on to, then filter the Active Directory secutiry event logs to see who was logged on to a PC at a particular time.  This will help you correlate info with the web access logs.
0
 
LVL 1

Expert Comment

by:janvanderwijk
ID: 35117998
netstat -a <ipaddress> could give you the username
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35118096
the dhcp control panel shows only the computer names, which wouldn't help me because the computer names are randomly generated. i tried netstat -a <ipaddress> but it's just showing a bunch of ports that ( i think ) the server is listening on.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 47

Expert Comment

by:Craig Beck
ID: 35118142
Sorry, I typo'd my response!  What I meant was...

You can use the DHCP server to determine what IP address was assigned to which PC, then filter the Active Directory secutiry event logs to see who was logged on each PC at a particular time.  This will help you correlate info with the web access logs.

I thnk NBTSTAT will show you who is logged on to a PC, not NETSTAT.
0
 
LVL 1

Assisted Solution

by:janvanderwijk
janvanderwijk earned 664 total points
ID: 35118179
@craigbeck, Yep, typo it is... My bad.... nbtstat -s <ipaddress> should do the trick for a single ipaddress.
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35118227
i tried the nbtstat -a <ipaddress> and nbtstat -s <ipaddress> ; -s didn't seem to work, but nbtstat -a <ipaddress> seemed to work - but i didn't get the login name - it looks like it still is getting the computer name which wouldnt help me.
i went to the security log of the server that has DHCP but i couldn't find the users name i was looking for - i found my login name but it didn't show the ip address of the computer i was on.
0
 
LVL 17

Expert Comment

by:Premkumar Yogeswaran
ID: 35119517
Hi,

To locate the logged on user, a free little command line utility called PSLoggedOn works well:
http://www.sysinternals.com/Utilities/PsLoggedOn.html

Regards,
Prem
0
 
LVL 17

Accepted Solution

by:
Premkumar Yogeswaran earned 668 total points
ID: 35119520
error on above posted link..

check this link to download

http://technet.microsoft.com/en-us/sysinternals/bb897545

Regards,
PRem
0
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 668 total points
ID: 35120955
I found my login name but it didn't show the ip address of the computer i was on.

The security log will only show you computer names, and logged on usernames, so you need to get the computer name from the security log, then check the DHCP server for the computer name.  This will show you the corresponding MAC address and IP address (which is what you get in your web logs).
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35121618
"The security log will only show you computer names, and logged on usernames, so you need to get the computer name from the security log,"

craigbeck - are you saying from the security logges on the server that is running dhcp? or from the domain controller? - i thought it would make more sence if it is on the server running dhcp.
also - i looked in the security logs on the server running dhcp - but i didn't know where to look - for instance - do you filter by a certain criteria?
0
 
LVL 1

Author Closing Comment

by:JeffBeall
ID: 35124578
i found psinfo in the suite of things that are in  psloggedon. i added something in the users login script that uses psinfo, then i find their ip address on the dhcp server. thanks for the help.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question