Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 684
  • Last Modified:

Who is logged into my Windows 2008 and 2003 servers in Active Directory

I need to check everyday to see who is logged into my production Windows servers.
How is that best and quickly accomplished for 30 servers?
1 Solution
Will SzymkowskiSenior Solution ArchitectCommented:
You can do this via powershell. Take a look at the following link for all the details...

Hope this helps!
Group Policy:

Computer Configuration -> Windows Settings -> Security Settings -> Audit Policy:

Audit account logon events
Audit Logon events

Then you can Filter the events in your Security logs in Even Viewer to display Success Audits only (user successfully logged in) and if you're looking for someone specific you can fill their credentials Domain\Username into the User field.

Once the filter is setup, it should remain until you uncheck it.
As xDUCKx says, auditing is the only way to be sure but if you want a quick and dirty who is logged on NOW I would use psloggedon from Sysinternals (part of Microsoft).  You can find the details and download link here ==> http://technet.microsoft.com/en-us/sysinternals/bb897545.aspx

It can be scheduled to run every hour if you wish.  You can then use psshutdown to log the user off as well if you need to.

Hope this helps

ThinkPaperIT ConsultantCommented:
As Priz stated, PsLoggedOn is a quick way to determine who is logged on it NOW.

If you want something more substantial, you can set up a logon and logoff script to "timestamp" with the user's logon name whenever they log on or off the server and have that info displayed on the machine's Description attribute (or any other attribute) in Active Directory. Just make sure Authenticated Users have "write" access to the Description field in AD (they should already by default).

We have a similar setup right now for all machines- makes it easy to locate a user's machine versus trying to get the user to tell us what machine they're one.

And if you ever wanted a report, you could do a query in AD and export to an Excel spreadsheet.

The only downside is that the field would be overwritten anytime someone logs off/on the machine so it won't be a "real" recordkeeping method, but more of a "last logged on/off" deal.

Logon script: (you would change to "logoff" for the logoff script)
Set objSysInfo = CreateObject("ADSystemInfo")

Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)

strMessage = objUser.CN & " - logged on at " & Now & "."

objComputer.Description = strMessage

Open in new window


Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now