We help IT Professionals succeed at work.

User Login/Logout log

809 Views
Last Modified: 2012-06-27
Hi,

We would like to keep track of user attendance, i.e. every login, logout, date/time, username, maybe computer name as well.  The environment is a Windows 2003 domain controller running exchange, an application server, file server, and approx 10 workstations all joined to the domain except a laptop with Win 7 home.  We would also like to be able to see or run a report by a specific user if possible an any time.  I believe it may come down to group policy.  Can someone shed some light or point me in the right direction?  I'm currently reviewing a couple google articles i found.  Thanks.
Comment
Watch Question

Did you try checking the Security Log on the server?
helpfinderIT Consultant

Commented:
you can check audit policy for this
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Create a login script that applies to the users
login.bat'
@echo off
echo "On %date% %time%, from %computername% user: %username% logged in Connection Type: %sessionname%" >> \\shareserver\sharename\login_logout.log

Open in new window


A similar can be used for the logout event.
logout.bat
@echo off
echo "On %date% %time%, from %computername% user: %username% logged out ">> \\shareserver\sharename\login_logout.log

Open in new window



You could use this as an example and setup a VBscript that will record these events in a database that will be queried.

A user that does not logout will not have a closing session.  There are different tools such as using SNMP and configuring and setting up an SNMPtrapd server.  This way when a user logs in event 528 and 540 could be configured with evntwin to generate an SNMP trap with information on the user, computer, time, and the type of logon.

You can then get those traps and do with as you see fit.  They will record a sleep event and then when unlocked etc.

It all depends on your needs and the time you have to implement this as well as resources i.e. a linux/unix system or use snmptrapd equivalent on the windows platform.

Have  a look at splunk.com.

Author

Commented:
Thanks guys.  I setup the procedure described in the following:

http://community.spiceworks.com/how_to/show/82

For whatever reason, its not working.  I created the batch files, created the network share on my DC with 'everyone' having full control, did gpedit on the server and configured as per the article but nothing.  Am i missing something?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
There are two settings share permissions and security permissions.
What are the security permissions on the file into which log entries will be written?
use a command windows and then run the Login.bat script
do you get an error message?
echo %ERRORLEVEL% after running the script.  If it is anything other than 0 there was a problem in the script.
as a regular user/limited user
try from the command line:
echo "This is a test" >> \\servername\share\computer\%computername%.log
and see what happens.
in this example the computer directory security settings will have to have modify rights to authenticated users.
can you post the output of the server where the share exists:
cacls path\to\the\share\computer?

Author

Commented:
Arnold,

Ran login.bat from command prompt on the server and it works.  Ran the "this is a test" from a client machine as a domain user and it worked.  Mapped a drive to the server from a client PC and ran login.bat and it worked.  Is it just that the Group Policy is not executing?  If so, what/where to check?  The Gpedit is done at the server, correct?  Nothing to configure on each workstation right?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
The group policy has to be refreshed it likely did not propagate..
gpupdate /force

see if the login now updates.

Author

Commented:
forced the gp update.  had a couple users reboot, still nothing.  Am i missing something on the GP?  On the server, i went to start, run, gpedit.msc, user config, windows settings, scripts, and point it to where the appropriate .bat file is, correct?  

do I need to to do it from active directory?  i.e. right click on the "users" OU and properties and then group policy?  or from group policy management under admin tools?  its SBS 2003.

Author

Commented:
Any other ideas?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Could you use GPMC and post the settings?

I have no idea what is going on. i.e. the GP might not apply to the user. i.e. where did you link this login/logout GP?

Does it apply to the user you are testing?
Does this GP only set the login script?

Author

Commented:
There is a 'Staff' OU in AD where its linked.  When I right click on staff and go to properties, there's a group policy tab and under that I have 'open' that opens up the group policy management.  In GPM, i highlight staff and created a new GP.  The link order is 1, GPO is 'new group policy object', under enforced is yes, under link enabled is yes, under gpo status is enabled, wmi filter is none, date created 2/14, and then the domain name.  I then right clicked and selected edit, expand user config, windows settings, scripts and put the path to the bat file under logon and logoff.  

Under properties for logon and logoff, there's a button that says 'show files' to view the script files stored in this gpo and when i click it, it opens up to \\domainname\sysvol\domainname\policies\long number\user\scripts\logon or logoff and its empty.  Should it be?

Let me know if you need additional info.  Appreciate it.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
No, here should be the logon.bat and logoff.bat files/scripts that will be executed when the user logs in.

Author

Commented:
I added them there but still nothing.  Within that same user folder under sysvol, there's a script.ini that has the following:


[Logon]
0CmdLine=E:\Logs\LogOn.bat
0Parameters=
[Logoff]
0CmdLine=E:\Logs\LogOff.bat
0Parameters=
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
e:\logs\logon.bat is a relative reference which does not exist on the workstation.
copy the Logon.bat into \\domainname\sysvol\domainname\policies\long number\user\scripts\logon and LogOff.bat into \\domainname\sysvol\domainname\policies\long number\user\scripts\logoff

This should do it.

Have not used script.ini but if you must use it, you have to use \\sever\sharename\ to where the file can be located.

Author

Commented:
Arnold,

I was able to get this working.  Not exactly sure how as I made changes, created a new policy, etc. and eventually one of the things I did work.  The info and steps you gave me are correct though.  I guess I missing something.  Question:  Is it possible to have this same script run on a Mac?  If so, how?  I'm researching it now as well.  I have 3 macs in the network.  Also, there's one laptop that does not login to the domain.  How can i get the script to run?  Can i just install it locally on the laptop and have it run by doing gpedit on the laptop?  Thanks for your help.
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.