Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Track RWW users?

Posted on 2011-03-22
7
Medium Priority
?
792 Views
Last Modified: 2012-06-21
I am running SBS08 and need a way to track RWW log on's and log off's.  Anyone out there have a solution to do this?
0
Comment
Question by:wdabbs
  • 4
  • 2
7 Comments
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 400 total points
ID: 35193013
Tracking log ons should be easy enough - you can use web logs or Event Logs.  Tracking log offs is another story.  The RWW session will time-out but things like Remote Desktop Sessions can remain open.
0
 

Author Comment

by:wdabbs
ID: 35193037
Look for a bit more granular information, such as user who is logging in and when
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 1600 total points
ID: 35194573
The RWW logging is done in the following log:
C:\Program Files\Windows Small Business Server\Logs\WebWorkplace\w3wp.log
It will take a while to parse the necessary information.

I have used logon and log off scripts to document terminal server users. The same can be used for RWW sessions but it would log every connection by a user to any PC whether local or remote so it will get lengthy. It will show the IP from which they connected so you determinermin if it was local or RWW. In the case of RWW rather than terminal services, I think it will show the SBS IP rather than the actual remote IP.

Add the lines below to each users logon and log off script to create a log file. It would give you UserName, ComputerName, date and time, in a simple single line, followed by the IP from which they connected, if needed. If you wish to know logoff times as well, you can add the same lines to a log off script in group policy (if you don't already have one: User Configuration | Windows settings | Scripts | Logoff). You likely won’t need the last line (IP address) in the log off script.

As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:
Log File

Log On:  jdoe SERVER1  Tue 1/1/2007   9:01
  TCP    10.0.1.100:3389        66.66.123.123:1234        ESTABLISHED

Log Off: jdoe SERVER1  Tue 1/1/2007   9:31

Log On:  jsmith SERVER2  Tue 1/1/2007   11:00
  TCP    10.0.1.200:3389        66.66.123.124:1234        ESTABLISHED

Log Off: jsmith SERVER1  Tue 1/1/2007   11:30
---------------------------------------------------------------------------

:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo. >> "\\Server\Logs\LogOns.Log"
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,16%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"

---------------------------------------------------------------------------
Note the users will need to have read/write and execute permissions for the \\Server\Logs\LogOns.Log  file.
0
WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

 
LVL 77

Expert Comment

by:Rob Williams
ID: 35793481
I don't understand why you are deleting the question when you received a viable answer. Though it may not be exactly what you were looking for, some sort of reply might have allowed us to assist further.
It is frustrating for the "experts", who volunteer their time, to take the time to try to carefully answer a question and then have the author delete it out of lack of interest.
--Rob
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35793564
Thank you wdabbs. Please let us know if we can help further with the reporting.
Cheers!
--Rob
0
 

Author Comment

by:wdabbs
ID: 35793599
Sorry, I am not the one from this company who posted this question and it looks to have been abandoned, I could not post a new question with this one still out here so I tried deleting it. I am sorry if that bummed you out. Since I can't find out who authored this question to begin with, I'll go ahead and accept your solution and we can move forward. All of us here appreciate the work you all do and you have put us on the right track many times
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35793666
Thanks for explaining wdabbs, I appreciate your circumstances.
We all understand that happens, juts post a note to that effect in future and then delete or close. Even a "that won't work" is fine. Sorry to be a whiner :-)
0

Featured Post

WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
While Plesk offers many potential benefits to website administrators, including compatibility with Windows Server and other leading technologies, the company has also been working to differentiate it from other control panels for content management…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question