[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Logon / Logoff GPO not working

Posted on 2013-11-25
22
Medium Priority
?
1,255 Views
Last Modified: 2014-01-13
Need to see all log off and log on activity in the domain. So I made a GPO following these instructons:

http://social.technet.microsoft.com/wiki/contents/articles/20422.record-logon-logoff-activities-on-domain-servers-and-workstations-using-group-policy.aspx

Ran a GPUpdate.exe /force

One logon csv showed up with one entry for someone logging onto that server (not me). Nothing else since. I linked the GPO to the whole domain in which there are many, many users logging on and off different computers and servers. Why is it "stuck"? And why isn't the log off one even working?  Any help is much appreciated.
0
Comment
Question by:new_to_networks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 3
  • 2
  • +3
22 Comments
 
LVL 12

Expert Comment

by:zalazar
ID: 39675642
It might be that it's related to "User Group Policy loopback processing mode"
Please see also:
http://social.technet.microsoft.com/wiki/contents/articles/2548.windows-server-understand-user-group-policy-loopback-processing-mode.aspx
Do you have set this policy ?
It should be set to "Replace".
0
 
LVL 11

Expert Comment

by:Sean
ID: 39675660
I wouldn't use the shared folder, i would copy it into the GPO's shared folder which is what pops up when you click the browse button when creating the login/logoff GPO. This way you will be sure to have the correct permissions. As zalazar said it could be the gpo loopbacking processing as well.
0
 

Author Comment

by:new_to_networks
ID: 39675674
Ok I went in and set User Group Policy loopback processing mode to "replace" under computer configuration. Ran the force command. Right now I have the permissions on that folder set to everyone and shared with everyone trying to get it to work. The folder is right there on that same server.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:new_to_networks
ID: 39675686
Ok its now working for users logging on and off of that server. But the GPO is linked to the whole domain and this domain controller is in no way specified. Why are those other logins and logoffs not coming in?
0
 
LVL 11

Expert Comment

by:Sean
ID: 39675697
Group Policy does not update the second you make a change to the policy. Replication can take up to 90 minutes. A computer checks GPO every 90 min at random times so the servers are not hit all at once. Let things replicate and then check it. Or do the gpupdate /force on the PCs by hand and check if its working.
0
 

Author Comment

by:new_to_networks
ID: 39675786
I've done the force on other servers and some machines here. It only seems to record the logon and logoffs on that domain controller where I did the GPO only.
0
 

Author Comment

by:new_to_networks
ID: 39675841
When I run GP Results wizard on other servers for my user name- it says that GPO is applied. Its not under Denied or anything. Not showing up in the csvs at all.
0
 

Author Comment

by:new_to_networks
ID: 39675869
Not even working at all now. That server has stopped recording the logon and logoffs.
0
 
LVL 11

Expert Comment

by:Sean
ID: 39675884
From the other server try to open the csv file and edit and save it by using the share name just to be 100% sure your permissions are correct.
0
 

Author Comment

by:new_to_networks
ID: 39675924
Yeah I can do that ok. I don't think things aren't collecting to the DC right. Under status and then Status Details, then GPOs it says:  Data is uncollected. It says:  no infrastructure Status exists for this domain. When I click Detect Now I'm getting:

A processing error occurred collecting data using this base domain controller. Please change the base domain controller and try again.
0
 

Author Comment

by:new_to_networks
ID: 39676505
I've opened up a new question because of other stuff related to this here:

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_28303682.html
0
 

Author Comment

by:new_to_networks
ID: 39678001
Ok made some changes (in other posting) and now the Status tab is working in GP Management. It shows that everything is replicating ok- but nothing is happening. The log on/offs only appear for that original DC I set it up on. Its weird because nowhere is that server specified in the GPO- it applies to the whole domain and applies to everyone. When I run the results wizard against myself on another DC- its shows the policy being applied to me, but my log on log off is not going to the csvs. The share is totally shared and everyone has permission to it- I don't know what's preventing the tons of log on log offs from getting to those csvs...
0
 

Author Comment

by:new_to_networks
ID: 39678344
Does anyone have any recommendations for log on log off auditing software that I could get that would pull from the whole domain?
0
 
LVL 3

Expert Comment

by:Detlef001
ID: 39683428
Does anyone have any recommendations for log on log off auditing software that I could get that would pull from the whole domain?

Yes try there , one is a free ware and the other is paid one . If it is only at the case all should be in a AD and a part of the domain.

Click here for freeware and for  paid tool.

Thanks
0
 

Author Comment

by:new_to_networks
ID: 39691259
Yeah it seems like those run off of active directory, and believe it or not, it doesn't record log off events, only log on.
0
 
LVL 3

Expert Comment

by:Detlef001
ID: 39693746
Ok then it can be as i also cross checked and it was log off details only the you need to go for the paid tool of AD as they would be only perfect to handle your query.

Thanks and try the paid one
0
 

Author Comment

by:new_to_networks
ID: 39717172
I tried the paid version but still no log off capability was included. I told them that their software details said that it was included and this is how they responded:

"Sorry for the trouble you faced, we are releasing the upgraded version of the software in the next month in which we are providing the log off user detail as well. Till then if you have any other query related to our software you can ask to us.
Thanks & Regards"

So, still left in the lurch.
0
 
LVL 16

Accepted Solution

by:
Kevin Hays earned 2000 total points
ID: 39727179
I currently just use a batch script I wrote to record login/logoff times under GPMC/User Config/Policies/Windows Settings/Scripts/Logon(Logoff)

@echo off
setlocal

for /f "tokens=1-3 delims=/ " %%a in ("%date%") do (
  if %%a gtr 9 goto :recheck
  set year=%%c
  set day=%%b
  set month=%%a
)
goto end

:recheck
echo.....recheck
for /f "tokens=2-4 delims=/ " %%a in ("%date%") do (
 set year=%%c
 set day=%%b
 set month=%%a
)

:end
set datenow=%month%-%day%-%year%

echo LOGIN:  %userdomain%\%username%, %datenow%, %time%, %computername% >> \\dc2\logs$\%username%.log

Open in new window


DNS has to be setup correctly to start with.  
dc2 = the servername to store data
logs$ = a hidden share on the server
%username%.log = the user who logged on
0
 

Author Comment

by:new_to_networks
ID: 39727191
Thanks, I'm super busy right now, it will take me a bit to get to this and set it up. I will let you know asap.
0
 
LVL 62

Expert Comment

by:gheist
ID: 39727634
You can forward events to central server.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question