Solved

Command to list out who & date/time of login to a Windows server

Posted on 2013-12-07
8
626 Views
Last Modified: 2013-12-09
I recall seeing somewhere that there's a command that could list out
the login ids of who login to a Windows server (with the timings/date
of login).

Any idea what's that command or how this can be done in the
Windows 2012 GUI?
0
Comment
Question by:sunhux
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 35

Accepted Solution

by:
Cris Hanna earned 67 total points
ID: 39703984
You have to enable Auditing to track this.

You can edit the Default Domain Policy in the Group Policy Editor

Double-click Computer Configuration, double-click Policies, and then double-click Windows Settings.

Double-click Security Settings, double-click Advanced Audit Policy Configuration, and then double-click System Audit Policies.

Double-click Logon/Logoff, and then double-click Logon.

Select the Configure the following audit events check box, select the Success check box, select the Failure check box, and then click OK.

Then you can review the Security Event Logs
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 67 total points
ID: 39704042
In addition to proper security logging and checking the last logon times in AD records, build yourself a record of logoff and logon times if you wish from your login/logoff scripts, e.g. batch method:

@echo off
echo %date%,%time%,%computer%,%username%,LOGON>> "\\server\login-info$\user\%username%.txt"
echo %date%,%time%,%computer%,%username%,LOGON >> "\\server\login-info$\computer\%computername%.txt"

And you end up with a text file for each computer and user.  Add the same to logout script and change to different text file, dir, or change word LOGON to LOGOFF etc...

Can soon do with VBScript or whatever you use instead and record any other details along the way -- e.g. simple audit of hardware in pc, free disc space, list of admin group members if not just default etc...

Steve
0
 
LVL 27

Assisted Solution

by:Steve
Steve earned 133 total points
ID: 39704151
The 'quser' command shows what you may be looking for. It's one of several command line ways of using the Remote Desktop Manager functions.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 133 total points
ID: 39704257
From an earlier post of mine:

You can enable detailed auditing and within the configuration, you can configure the systems and successful and/or failed events you wish to audit. Following articles outline how to enable and analyze the results:
http://support.microsoft.com/kb/814595/
http://www.windowsecurity.com/articles/Understanding_Windows_Logging.html
http://207.46.19.60/technet/prodtechnol/windows2000serv/maintain/monitor/logevnts.mspx

However using auditing can be time consuming to filter and extract.

Another option is to add the lines below to each users logon and log off script to create a log file. It would give you UserName, ComputerName, date and time, in a simple single line, followed by the IP from which they connected, if needed. If you wish to know logoff times as well, you can add the same lines to a log off script in group policy (if you don't already have one: User Configuration | Windows settings | Scripts | Logoff). You likely won’t need the last line (IP address) in the log off script.

As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:
Log File

Log On:  jdoe SERVER1  Tue 1/1/2007   9:01
  TCP    10.0.1.100:3389        66.66.123.123:1234        ESTABLISHED

Log Off: jdoe SERVER1  Tue 1/1/2007   9:31

Log On:  jsmith SERVER2  Tue 1/1/2007   11:00
  TCP    10.0.1.200:3389        66.66.123.124:1234        ESTABLISHED

Log Off: jsmith SERVER1  Tue 1/1/2007   11:30
---------------------------------------------------------------------------

:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo. >> "\\Server\Logs\LogOns.Log"
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,16%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"

---------------------------------------------------------------------------
Note the users will need to have read/write and execute permissions for the \\Server\Logs\LogOns.Log  file.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 39704427
Hmm I assumed this was just asking for users logging in generally rather than to a specific box but can see what you mean, could be either way.

Steve
0
 

Author Comment

by:sunhux
ID: 39706111
If I were to restore the file storing the past logins (as it's been overwritten),
which file (& in which folder) do I need to restore so that quser could read
or list out the past logins?
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 133 total points
ID: 39706280
Unless you had preconfigured logging there is nothing to restore.  The logs are only created if you configure auditing.  It is off by default as the logs become qquite large.

Unfortunately the reason most of us want to know who logged on is something happened but at that point it is too late to find out, unless we had configured one form of logging ahead of time.
0
 
LVL 27

Assisted Solution

by:Steve
Steve earned 133 total points
ID: 39706467
'quser' queries the system directly, just like the remote desktop manager. There is no file involved so no way to look at who was logged in historically.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question