Windows server 2012 logon policy

Dear Experts,

I want to trace all the users  logon , logoff  & also the computer details activity in my organisation.  How can i trace it. Is there any scripts or free software through which we can trace.  Also through event viewer -security i can see users logon & logoff. But when i go to the particular user properties -Attribute tab i can see the logon time as totally different. totally confused.

So , experts please suggest me a good scripts or software to trace users logon details.

Regards,

JCT
LVL 1
jct_777Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
to make things easier I use log-on and log-off scripts
logon.cmd
echo %username%,logon,%computername%,%date%,%time% >>\\server\logs\logon.csv
logoff.cmd
echo %username%,logged off,%computername%,%date%,%time% >>\\server\logoff.csv
0
jct_777Author Commented:
Hi ,

Can you please help how to assign this scripts through group policy to all the users. Do i need to create a shared folder in the server. Can you also please provide me any links.

Regards,

JCT
0
David Johnson, CD, MVPOwnerCommented:
add it to your default domain policy if you want, I tend to make each policy separate This way I know where to look to change a setting.. Meaning I don't have to run rsop and look for the setting and see which policy applied that setting.  And yes you do need a network share that everyone has modify ntfs and write share security settings. Better to use an admin share by just appending a $ to the sharename that way users won't know to browse to it

Spiceworks has basically the same idea and some improvments and some vbs scripts that are interesing.. pick and chose
http://community.spiceworks.com/scripts/show/70-track-login-and-logout?page=4
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

jct_777Author Commented:
Hi,

I am having too much confusion in the logon script. I have created a shared folder in the server. Under that I have created two subfolders with the name Users & computers. Now how to create scrpts for logon & logoff & how to set it in GPO

Regards,

Jibu
0
David Johnson, CD, MVPOwnerCommented:
How to apply the logon/logoff/startup/shutdown scripts using group policy
https://technet.microsoft.com/en-us/magazine/dd630947.aspx
0
jct_777Author Commented:
Hi ,

I followed the steps that is mentioned in the below site.

http://community.spiceworks.com/how_to/82-monitor-user-log-in-and-log-off-without-software

Created main folder & also created two sub folders. the main folder is \\server\share $. after that created the scripts  as mentioned in the above link. Went to group policy & added the scripts & linked it with the required OUs. But when ever those users are login or logout there is nothing in the shared folder.

The shared folder is in different server.

Regards,

Jct
0
David Johnson, CD, MVPOwnerCommented:
did you change the scripts to point to the proper share?
i.e.
\\servername\share to your actuall \\serverame
and did you modify the share and ntfs permissions
share - everyone write/read
ntfs - everyone read/write/modify
0
jct_777Author Commented:
Hi ,

The script is pointing to wards the share.  even it is shared with everyone with read & write permission. You mentioned ntfs . how can i do this. Also the shared folder is hidden. so in the script do i need to show the path  \\servername\shared name$ or \\servername\shared name.

Please guide.

Regards,

JCT
0
David Johnson, CD, MVPOwnerCommented:
you need the $ for hidden (administrative) shares
in servermanager go to File and Storage Services \ Shares
locate the share / right click on it / select properties / click the + beside permissions
File PermissionsShare
0
jct_777Author Commented:
Hi ,

The share permission is the same as you mentioned above. Even in the unc path i have added \\servername\shared$. But still its not working. The script that is pointing is in the sysvol foler. May be in the GP I have done something wrong.

Regards,

JCT
0
jct_777Author Commented:
Dear Experts,

Still I am facing the problem

JCT
0
David Johnson, CD, MVPOwnerCommented:
users only have READ permissions in the sysvol folder.. put the logs somewhere else!
0
jct_777Author Commented:
Hi ,

The shared folder is in different server & that to in different drive. What I have done is created a folder with the name users . this I have shared with everyone & also its hidden. Under the users folder created two folder subfolders with the name Computers & User details. Under computer there is a notepad.log file & also under User details there is a notepad with usernotepad.log.

Now can you please provide me a script & also how to link this script with the group policy.

Regards,

JCT
0
Will SzymkowskiSenior Solution ArchitectCommented:
The most effective way to accomplish this is by enabling Directory Service Auditing on the Default Domain Controllers Policy. This will enable auditing on users in your domain and the info will be stored in the Security Logs on your domain controllers.

In order to easily detect and read the Security Logs i would recommend using Active Directory Auditor Lepide Software.
http://www.lepide.com/lepideauditor/active-directory.html

Configure Active Directory Auditing
https://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx

Will.
0
David Johnson, CD, MVPOwnerCommented:
So you're saying that you don't know how to add these scripts to group policy? Don't be afraid to ask.. We've all had to learn at one point.
There are two areas involved:  one is a computer policy and the other is a user policy
startup and shutdown of the computer
login and logoff of the user
Computer Configuration
Policies -> Windows Settings -> Scripts -> Startup  and also Shutdown go here
User Configuration
Policies -> Windows Settings -> Scripts -> Logon and also Logoff
I created a group policy called 'scripts'
scripts group policyoverviewscriptsshow filesnote the location and that it is saved in a folder which uses a GUID {...} put your script here then add it to the policy.. the same goes for the user configuration
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SandeshdubeySenior Server EngineerCommented:
You need to apply script at logon/logoff and not at computer startup or shutdown. There is no direct way to check the same if auditing is enabled you can check the DC event log to track the same.You can also use thrid party tool (PSLogggedON or ManageEngine, EventCombT)or script to check the same.

I think one simple way to accomplish this is to implement a logon/logoff script script like below, that will capture the value of %logonserver% variable of every client and record it to a central location(like a file share, note that you must give write permission to Domain Users) :
echo logon,%username%,%logonserver%,%computername%,%date%,%time% >>sharedfilepath\logon.csv
http://support.microsoft.com/kb/556015


Assign User Logon Scripts
https://technet.microsoft.com/en-us/library/cc770908.aspx

Currently Logged On Users to domain
http://www.manageengine.com/products/desktop-central/windows-user-logon-reports.html
http://technet.microsoft.com/en-us/sysinternals/bb897545
https://social.technet.microsoft.com/Forums/en-US/302ae523-6f34-428e-9c45-c8e29d1d7d7f/how-to-get-the-computer-of-a-logged-in-domain-user?forum=winserverDS
0
jct_777Author Commented:
Hi,

As now its weekend here. My next working day is on Sunday. Will update on Sunday.

Regards,
jct
0
David Johnson, CD, MVPOwnerCommented:
@Sandeshdubey please follow the thread.. The original question was:
want to trace all the users  logon , logoff  & also the computer details activity in my organisation.  How can i trace it. Is there any scripts or free software through which we can trace
He has all of the tools/scripts needed just a little confused as how to implement them Event logs tend to get overwritten. and going to each DC in a large organization is hardly practical. Yes there are log utilities that can do this.. but teaching this user how to configure and use these products which offer way more than what the user currently needs and this users current skill level are worlds apart. Please follow the conversation
0
jct_777Author Commented:
Hi ,

Joined the office today. Will keep you all updated. As I have mentioned in most of my posts that I am totally new to the server side. So I may ask questions which is difficult for me to solve & which may sound  unusual for the experts.

Regards,

JCT
0
jct_777Author Commented:
Hi ,

I have attached the logon & logoff scripts. The shared folder is in another server with the name Logs(hidden share).Under that is the subfolders with the name computers & users & under this I have created two files with the name computer.log & user.log.Given the permission to everyone .

The script is in domain-sysvol-scripts.
May be i am having something missing in the scripts.

Regards,

JCT
Logon-.txt
Logoff.txt
0
jct_777Author Commented:
Hi ,

I have attached the logoff script. Previous one is the blank one.

Regards,

JCT
Logoff.txt
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.