Windows server 2012 logon policy
Dear Experts,
I want to trace all the users logon , logoff & also the computer details activity in my organisation. How can i trace it. Is there any scripts or free software through which we can trace. Also through event viewer -security i can see users logon & logoff. But when i go to the particular user properties -Attribute tab i can see the logon time as totally different. totally confused.
So , experts please suggest me a good scripts or software to trace users logon details.
Regards,
JCT
I want to trace all the users logon , logoff & also the computer details activity in my organisation. How can i trace it. Is there any scripts or free software through which we can trace. Also through event viewer -security i can see users logon & logoff. But when i go to the particular user properties -Attribute tab i can see the logon time as totally different. totally confused.
So , experts please suggest me a good scripts or software to trace users logon details.
Regards,
JCT
ASKER
Hi ,
Can you please help how to assign this scripts through group policy to all the users. Do i need to create a shared folder in the server. Can you also please provide me any links.
Regards,
JCT
Can you please help how to assign this scripts through group policy to all the users. Do i need to create a shared folder in the server. Can you also please provide me any links.
Regards,
JCT
add it to your default domain policy if you want, I tend to make each policy separate This way I know where to look to change a setting.. Meaning I don't have to run rsop and look for the setting and see which policy applied that setting. And yes you do need a network share that everyone has modify ntfs and write share security settings. Better to use an admin share by just appending a $ to the sharename that way users won't know to browse to it
Spiceworks has basically the same idea and some improvments and some vbs scripts that are interesing.. pick and chose
http://community.spiceworks.com/scripts/show/70-track-login-and-logout?page=4
Spiceworks has basically the same idea and some improvments and some vbs scripts that are interesing.. pick and chose
http://community.spiceworks.com/scripts/show/70-track-login-and-logout?page=4
ASKER
Hi,
I am having too much confusion in the logon script. I have created a shared folder in the server. Under that I have created two subfolders with the name Users & computers. Now how to create scrpts for logon & logoff & how to set it in GPO
Regards,
Jibu
I am having too much confusion in the logon script. I have created a shared folder in the server. Under that I have created two subfolders with the name Users & computers. Now how to create scrpts for logon & logoff & how to set it in GPO
Regards,
Jibu
How to apply the logon/logoff/startup/shutd
https://technet.microsoft.com/en-us/magazine/dd630947.aspx
https://technet.microsoft.com/en-us/magazine/dd630947.aspx
ASKER
Hi ,
I followed the steps that is mentioned in the below site.
http://community.spiceworks.com/how_to/82-monitor-user-log-in-and-log-off-without-software
Created main folder & also created two sub folders. the main folder is \\server\share $. after that created the scripts as mentioned in the above link. Went to group policy & added the scripts & linked it with the required OUs. But when ever those users are login or logout there is nothing in the shared folder.
The shared folder is in different server.
Regards,
Jct
I followed the steps that is mentioned in the below site.
http://community.spiceworks.com/how_to/82-monitor-user-log-in-and-log-off-without-software
Created main folder & also created two sub folders. the main folder is \\server\share $. after that created the scripts as mentioned in the above link. Went to group policy & added the scripts & linked it with the required OUs. But when ever those users are login or logout there is nothing in the shared folder.
The shared folder is in different server.
Regards,
Jct
did you change the scripts to point to the proper share?
i.e.
\\servername\share to your actuall \\serverame
and did you modify the share and ntfs permissions
share - everyone write/read
ntfs - everyone read/write/modify
i.e.
\\servername\share to your actuall \\serverame
and did you modify the share and ntfs permissions
share - everyone write/read
ntfs - everyone read/write/modify
ASKER
Hi ,
The script is pointing to wards the share. even it is shared with everyone with read & write permission. You mentioned ntfs . how can i do this. Also the shared folder is hidden. so in the script do i need to show the path \\servername\shared name$ or \\servername\shared name.
Please guide.
Regards,
JCT
The script is pointing to wards the share. even it is shared with everyone with read & write permission. You mentioned ntfs . how can i do this. Also the shared folder is hidden. so in the script do i need to show the path \\servername\shared name$ or \\servername\shared name.
Please guide.
Regards,
JCT
you need the $ for hidden (administrative) shares
in servermanager go to File and Storage Services \ Shares
locate the share / right click on it / select properties / click the + beside permissions
in servermanager go to File and Storage Services \ Shares
locate the share / right click on it / select properties / click the + beside permissions
ASKER
Hi ,
The share permission is the same as you mentioned above. Even in the unc path i have added \\servername\shared$. But still its not working. The script that is pointing is in the sysvol foler. May be in the GP I have done something wrong.
Regards,
JCT
The share permission is the same as you mentioned above. Even in the unc path i have added \\servername\shared$. But still its not working. The script that is pointing is in the sysvol foler. May be in the GP I have done something wrong.
Regards,
JCT
ASKER
Dear Experts,
Still I am facing the problem
JCT
Still I am facing the problem
JCT
users only have READ permissions in the sysvol folder.. put the logs somewhere else!
ASKER
Hi ,
The shared folder is in different server & that to in different drive. What I have done is created a folder with the name users . this I have shared with everyone & also its hidden. Under the users folder created two folder subfolders with the name Computers & User details. Under computer there is a notepad.log file & also under User details there is a notepad with usernotepad.log.
Now can you please provide me a script & also how to link this script with the group policy.
Regards,
JCT
The shared folder is in different server & that to in different drive. What I have done is created a folder with the name users . this I have shared with everyone & also its hidden. Under the users folder created two folder subfolders with the name Computers & User details. Under computer there is a notepad.log file & also under User details there is a notepad with usernotepad.log.
Now can you please provide me a script & also how to link this script with the group policy.
Regards,
JCT
The most effective way to accomplish this is by enabling Directory Service Auditing on the Default Domain Controllers Policy. This will enable auditing on users in your domain and the info will be stored in the Security Logs on your domain controllers.
In order to easily detect and read the Security Logs i would recommend using Active Directory Auditor Lepide Software.
http://www.lepide.com/lepideauditor/active-directory.html
Configure Active Directory Auditing
https://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx
Will.
In order to easily detect and read the Security Logs i would recommend using Active Directory Auditor Lepide Software.
http://www.lepide.com/lepideauditor/active-directory.html
Configure Active Directory Auditing
https://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx
Will.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You need to apply script at logon/logoff and not at computer startup or shutdown. There is no direct way to check the same if auditing is enabled you can check the DC event log to track the same.You can also use thrid party tool (PSLogggedON or ManageEngine, EventCombT)or script to check the same.
I think one simple way to accomplish this is to implement a logon/logoff script script like below, that will capture the value of %logonserver% variable of every client and record it to a central location(like a file share, note that you must give write permission to Domain Users) :
echo logon,%username%,%logonser
http://support.microsoft.com/kb/556015
Assign User Logon Scripts
https://technet.microsoft.com/en-us/library/cc770908.aspx
Currently Logged On Users to domain
http://www.manageengine.com/products/desktop-central/windows-user-logon-reports.html
http://technet.microsoft.com/en-us/sysinternals/bb897545
https://social.technet.microsoft.com/Forums/en-US/302ae523-6f34-428e-9c45-c8e29d1d7d7f/how-to-get-the-computer-of-a-logged-in-domain-user?forum=winserverDS
I think one simple way to accomplish this is to implement a logon/logoff script script like below, that will capture the value of %logonserver% variable of every client and record it to a central location(like a file share, note that you must give write permission to Domain Users) :
echo logon,%username%,%logonser
http://support.microsoft.com/kb/556015
Assign User Logon Scripts
https://technet.microsoft.com/en-us/library/cc770908.aspx
Currently Logged On Users to domain
http://www.manageengine.com/products/desktop-central/windows-user-logon-reports.html
http://technet.microsoft.com/en-us/sysinternals/bb897545
https://social.technet.microsoft.com/Forums/en-US/302ae523-6f34-428e-9c45-c8e29d1d7d7f/how-to-get-the-computer-of-a-logged-in-domain-user?forum=winserverDS
ASKER
Hi,
As now its weekend here. My next working day is on Sunday. Will update on Sunday.
Regards,
jct
As now its weekend here. My next working day is on Sunday. Will update on Sunday.
Regards,
jct
@Sandeshdubey please follow the thread.. The original question was:
want to trace all the users logon , logoff & also the computer details activity in my organisation. How can i trace it. Is there any scripts or free software through which we can traceHe has all of the tools/scripts needed just a little confused as how to implement them Event logs tend to get overwritten. and going to each DC in a large organization is hardly practical. Yes there are log utilities that can do this.. but teaching this user how to configure and use these products which offer way more than what the user currently needs and this users current skill level are worlds apart. Please follow the conversation
ASKER
Hi ,
Joined the office today. Will keep you all updated. As I have mentioned in most of my posts that I am totally new to the server side. So I may ask questions which is difficult for me to solve & which may sound unusual for the experts.
Regards,
JCT
Joined the office today. Will keep you all updated. As I have mentioned in most of my posts that I am totally new to the server side. So I may ask questions which is difficult for me to solve & which may sound unusual for the experts.
Regards,
JCT
ASKER
Hi ,
I have attached the logon & logoff scripts. The shared folder is in another server with the name Logs(hidden share).Under that is the subfolders with the name computers & users & under this I have created two files with the name computer.log & user.log.Given the permission to everyone .
The script is in domain-sysvol-scripts.
May be i am having something missing in the scripts.
Regards,
JCT
Logon-.txt
Logoff.txt
I have attached the logon & logoff scripts. The shared folder is in another server with the name Logs(hidden share).Under that is the subfolders with the name computers & users & under this I have created two files with the name computer.log & user.log.Given the permission to everyone .
The script is in domain-sysvol-scripts.
May be i am having something missing in the scripts.
Regards,
JCT
Logon-.txt
Logoff.txt
ASKER
logon.cmd
echo %username%,logon,%computer
logoff.cmd
echo %username%,logged off,%computername%,%date%,