• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1267
  • Last Modified:

Logon / Logoff GPO not working

Need to see all log off and log on activity in the domain. So I made a GPO following these instructons:

http://social.technet.microsoft.com/wiki/contents/articles/20422.record-logon-logoff-activities-on-domain-servers-and-workstations-using-group-policy.aspx

Ran a GPUpdate.exe /force

One logon csv showed up with one entry for someone logging onto that server (not me). Nothing else since. I linked the GPO to the whole domain in which there are many, many users logging on and off different computers and servers. Why is it "stuck"? And why isn't the log off one even working?  Any help is much appreciated.
0
new_to_networks
Asked:
new_to_networks
  • 12
  • 3
  • 2
  • +3
1 Solution
 
zalazarCommented:
It might be that it's related to "User Group Policy loopback processing mode"
Please see also:
http://social.technet.microsoft.com/wiki/contents/articles/2548.windows-server-understand-user-group-policy-loopback-processing-mode.aspx
Do you have set this policy ?
It should be set to "Replace".
0
 
SeanSystem EngineerCommented:
I wouldn't use the shared folder, i would copy it into the GPO's shared folder which is what pops up when you click the browse button when creating the login/logoff GPO. This way you will be sure to have the correct permissions. As zalazar said it could be the gpo loopbacking processing as well.
0
 
new_to_networksAuthor Commented:
Ok I went in and set User Group Policy loopback processing mode to "replace" under computer configuration. Ran the force command. Right now I have the permissions on that folder set to everyone and shared with everyone trying to get it to work. The folder is right there on that same server.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
new_to_networksAuthor Commented:
Ok its now working for users logging on and off of that server. But the GPO is linked to the whole domain and this domain controller is in no way specified. Why are those other logins and logoffs not coming in?
0
 
SeanSystem EngineerCommented:
Group Policy does not update the second you make a change to the policy. Replication can take up to 90 minutes. A computer checks GPO every 90 min at random times so the servers are not hit all at once. Let things replicate and then check it. Or do the gpupdate /force on the PCs by hand and check if its working.
0
 
new_to_networksAuthor Commented:
I've done the force on other servers and some machines here. It only seems to record the logon and logoffs on that domain controller where I did the GPO only.
0
 
new_to_networksAuthor Commented:
When I run GP Results wizard on other servers for my user name- it says that GPO is applied. Its not under Denied or anything. Not showing up in the csvs at all.
0
 
new_to_networksAuthor Commented:
Not even working at all now. That server has stopped recording the logon and logoffs.
0
 
SeanSystem EngineerCommented:
From the other server try to open the csv file and edit and save it by using the share name just to be 100% sure your permissions are correct.
0
 
new_to_networksAuthor Commented:
Yeah I can do that ok. I don't think things aren't collecting to the DC right. Under status and then Status Details, then GPOs it says:  Data is uncollected. It says:  no infrastructure Status exists for this domain. When I click Detect Now I'm getting:

A processing error occurred collecting data using this base domain controller. Please change the base domain controller and try again.
0
 
new_to_networksAuthor Commented:
I've opened up a new question because of other stuff related to this here:

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_28303682.html
0
 
new_to_networksAuthor Commented:
Ok made some changes (in other posting) and now the Status tab is working in GP Management. It shows that everything is replicating ok- but nothing is happening. The log on/offs only appear for that original DC I set it up on. Its weird because nowhere is that server specified in the GPO- it applies to the whole domain and applies to everyone. When I run the results wizard against myself on another DC- its shows the policy being applied to me, but my log on log off is not going to the csvs. The share is totally shared and everyone has permission to it- I don't know what's preventing the tons of log on log offs from getting to those csvs...
0
 
new_to_networksAuthor Commented:
Does anyone have any recommendations for log on log off auditing software that I could get that would pull from the whole domain?
0
 
Detlef001Commented:
Does anyone have any recommendations for log on log off auditing software that I could get that would pull from the whole domain?

Yes try there , one is a free ware and the other is paid one . If it is only at the case all should be in a AD and a part of the domain.

Click here for freeware and for  paid tool.

Thanks
0
 
new_to_networksAuthor Commented:
Yeah it seems like those run off of active directory, and believe it or not, it doesn't record log off events, only log on.
0
 
Detlef001Commented:
Ok then it can be as i also cross checked and it was log off details only the you need to go for the paid tool of AD as they would be only perfect to handle your query.

Thanks and try the paid one
0
 
new_to_networksAuthor Commented:
I tried the paid version but still no log off capability was included. I told them that their software details said that it was included and this is how they responded:

"Sorry for the trouble you faced, we are releasing the upgraded version of the software in the next month in which we are providing the log off user detail as well. Till then if you have any other query related to our software you can ask to us.
Thanks & Regards"

So, still left in the lurch.
0
 
Kevin HaysIT AnalystCommented:
I currently just use a batch script I wrote to record login/logoff times under GPMC/User Config/Policies/Windows Settings/Scripts/Logon(Logoff)

@echo off
setlocal

for /f "tokens=1-3 delims=/ " %%a in ("%date%") do (
  if %%a gtr 9 goto :recheck
  set year=%%c
  set day=%%b
  set month=%%a
)
goto end

:recheck
echo.....recheck
for /f "tokens=2-4 delims=/ " %%a in ("%date%") do (
 set year=%%c
 set day=%%b
 set month=%%a
)

:end
set datenow=%month%-%day%-%year%

echo LOGIN:  %userdomain%\%username%, %datenow%, %time%, %computername% >> \\dc2\logs$\%username%.log

Open in new window


DNS has to be setup correctly to start with.  
dc2 = the servername to store data
logs$ = a hidden share on the server
%username%.log = the user who logged on
0
 
new_to_networksAuthor Commented:
Thanks, I'm super busy right now, it will take me a bit to get to this and set it up. I will let you know asap.
0
 
gheistCommented:
You can forward events to central server.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 12
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now