Solved

Logon / Logoff GPO not working

Posted on 2013-11-25
22
1,146 Views
Last Modified: 2014-01-13
Need to see all log off and log on activity in the domain. So I made a GPO following these instructons:

http://social.technet.microsoft.com/wiki/contents/articles/20422.record-logon-logoff-activities-on-domain-servers-and-workstations-using-group-policy.aspx

Ran a GPUpdate.exe /force

One logon csv showed up with one entry for someone logging onto that server (not me). Nothing else since. I linked the GPO to the whole domain in which there are many, many users logging on and off different computers and servers. Why is it "stuck"? And why isn't the log off one even working?  Any help is much appreciated.
0
Comment
Question by:new_to_networks
  • 12
  • 3
  • 2
  • +3
22 Comments
 
LVL 11

Expert Comment

by:zalazar
Comment Utility
It might be that it's related to "User Group Policy loopback processing mode"
Please see also:
http://social.technet.microsoft.com/wiki/contents/articles/2548.windows-server-understand-user-group-policy-loopback-processing-mode.aspx
Do you have set this policy ?
It should be set to "Replace".
0
 
LVL 9

Expert Comment

by:Sean
Comment Utility
I wouldn't use the shared folder, i would copy it into the GPO's shared folder which is what pops up when you click the browse button when creating the login/logoff GPO. This way you will be sure to have the correct permissions. As zalazar said it could be the gpo loopbacking processing as well.
0
 

Author Comment

by:new_to_networks
Comment Utility
Ok I went in and set User Group Policy loopback processing mode to "replace" under computer configuration. Ran the force command. Right now I have the permissions on that folder set to everyone and shared with everyone trying to get it to work. The folder is right there on that same server.
0
 

Author Comment

by:new_to_networks
Comment Utility
Ok its now working for users logging on and off of that server. But the GPO is linked to the whole domain and this domain controller is in no way specified. Why are those other logins and logoffs not coming in?
0
 
LVL 9

Expert Comment

by:Sean
Comment Utility
Group Policy does not update the second you make a change to the policy. Replication can take up to 90 minutes. A computer checks GPO every 90 min at random times so the servers are not hit all at once. Let things replicate and then check it. Or do the gpupdate /force on the PCs by hand and check if its working.
0
 

Author Comment

by:new_to_networks
Comment Utility
I've done the force on other servers and some machines here. It only seems to record the logon and logoffs on that domain controller where I did the GPO only.
0
 

Author Comment

by:new_to_networks
Comment Utility
When I run GP Results wizard on other servers for my user name- it says that GPO is applied. Its not under Denied or anything. Not showing up in the csvs at all.
0
 

Author Comment

by:new_to_networks
Comment Utility
Not even working at all now. That server has stopped recording the logon and logoffs.
0
 
LVL 9

Expert Comment

by:Sean
Comment Utility
From the other server try to open the csv file and edit and save it by using the share name just to be 100% sure your permissions are correct.
0
 

Author Comment

by:new_to_networks
Comment Utility
Yeah I can do that ok. I don't think things aren't collecting to the DC right. Under status and then Status Details, then GPOs it says:  Data is uncollected. It says:  no infrastructure Status exists for this domain. When I click Detect Now I'm getting:

A processing error occurred collecting data using this base domain controller. Please change the base domain controller and try again.
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 

Author Comment

by:new_to_networks
Comment Utility
I've opened up a new question because of other stuff related to this here:

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_28303682.html
0
 

Author Comment

by:new_to_networks
Comment Utility
Ok made some changes (in other posting) and now the Status tab is working in GP Management. It shows that everything is replicating ok- but nothing is happening. The log on/offs only appear for that original DC I set it up on. Its weird because nowhere is that server specified in the GPO- it applies to the whole domain and applies to everyone. When I run the results wizard against myself on another DC- its shows the policy being applied to me, but my log on log off is not going to the csvs. The share is totally shared and everyone has permission to it- I don't know what's preventing the tons of log on log offs from getting to those csvs...
0
 

Author Comment

by:new_to_networks
Comment Utility
Does anyone have any recommendations for log on log off auditing software that I could get that would pull from the whole domain?
0
 
LVL 3

Expert Comment

by:Detlef001
Comment Utility
Does anyone have any recommendations for log on log off auditing software that I could get that would pull from the whole domain?

Yes try there , one is a free ware and the other is paid one . If it is only at the case all should be in a AD and a part of the domain.

Click here for freeware and for  paid tool.

Thanks
0
 

Author Comment

by:new_to_networks
Comment Utility
Yeah it seems like those run off of active directory, and believe it or not, it doesn't record log off events, only log on.
0
 
LVL 3

Expert Comment

by:Detlef001
Comment Utility
Ok then it can be as i also cross checked and it was log off details only the you need to go for the paid tool of AD as they would be only perfect to handle your query.

Thanks and try the paid one
0
 

Author Comment

by:new_to_networks
Comment Utility
I tried the paid version but still no log off capability was included. I told them that their software details said that it was included and this is how they responded:

"Sorry for the trouble you faced, we are releasing the upgraded version of the software in the next month in which we are providing the log off user detail as well. Till then if you have any other query related to our software you can ask to us.
Thanks & Regards"

So, still left in the lurch.
0
 
LVL 16

Accepted Solution

by:
kshays earned 500 total points
Comment Utility
I currently just use a batch script I wrote to record login/logoff times under GPMC/User Config/Policies/Windows Settings/Scripts/Logon(Logoff)

@echo off
setlocal

for /f "tokens=1-3 delims=/ " %%a in ("%date%") do (
  if %%a gtr 9 goto :recheck
  set year=%%c
  set day=%%b
  set month=%%a
)
goto end

:recheck
echo.....recheck
for /f "tokens=2-4 delims=/ " %%a in ("%date%") do (
 set year=%%c
 set day=%%b
 set month=%%a
)

:end
set datenow=%month%-%day%-%year%

echo LOGIN:  %userdomain%\%username%, %datenow%, %time%, %computername% >> \\dc2\logs$\%username%.log

Open in new window


DNS has to be setup correctly to start with.  
dc2 = the servername to store data
logs$ = a hidden share on the server
%username%.log = the user who logged on
0
 

Author Comment

by:new_to_networks
Comment Utility
Thanks, I'm super busy right now, it will take me a bit to get to this and set it up. I will let you know asap.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
You can forward events to central server.
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now