• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 733
  • Last Modified:

How to tell who has been logging in to a Windows 7 PC on an SBS 2008 Domain

Hey guys,

How can I tell what users have been logging onto a workstation? The owner of a company is saying there's a different user name as his last logged in user each morning he gets in. I need to find out exactly who that is and what time it's occurring...
Windows 7 Pro connected to SBS 2008 Domain.

Thanks!
0
optimus_nz
Asked:
optimus_nz
1 Solution
 
Rob WilliamsCommented:
Micorosft has a tool psloggedon that will tell you IS logged on but not who WAS logged on:
http://technet.microsoft.com/en-us/sysinternals/bb897545.aspx

We usually add the following scrippt to the all users logon script  to create a log file. It would give you UserName, ComputerName, date and time, in a simple single line, followed by the IP from which they connected, if needed. If you wish to know logoff times as well, you can add the same lines to a log off script in group policy (if you don't already have one: User Configuration | Windows settings | Scripts | Logoff). You likely won’t need the last line (IP address) in the log off script.

As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:
Log File

Log On:  jdoe SERVER1  Tue 1/1/2007   9:01
  TCP    10.0.1.100:3389        66.66.123.123:1234        ESTABLISHED

Log Off: jdoe SERVER1  Tue 1/1/2007   9:31

Log On:  jsmith SERVER2  Tue 1/1/2007   11:00
  TCP    10.0.1.200:3389        66.66.123.124:1234        ESTABLISHED

Log Off: jsmith SERVER1  Tue 1/1/2007   11:30
---------------------------------------------------------------------------

:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo. >> "\\Server\Logs\LogOns.Log"
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,16%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"

---------------------------------------------------------------------------
Note the users will need to have read/write and execute permissions for the \\Server\Logs\LogOns.Log  file.
0
 
optimus_nzAuthor Commented:
Perfect. Thanks!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now