Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Powershell

Posted on 2016-07-21
13
Medium Priority
?
33 Views
Last Modified: 2016-07-31
Hi All,

This is a compliance issue where we need to track each and every time the user has a logon/logoff, and know the date and time.

Can I have a script whaich can be deployed through appsense instead GPO.
0
Comment
Question by:Techie solution
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 9

Expert Comment

by:James Rankin
ID: 41723636
0
 

Author Comment

by:Techie solution
ID: 41723648
There is no ~Custom key , what should I do now
0
 
LVL 9

Expert Comment

by:James Rankin
ID: 41723669
The custom key is just an area where you write the value. Create or change it as appropriate for your environment - create it with a group policy preference if necessary.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Techie solution
ID: 41723700
I dont want to include registry . I need to save the login and logoff user computername and date and time in one file.
0
 
LVL 9

Expert Comment

by:James Rankin
ID: 41723704
Ok, just write the data to a file instead of to the registry using Out-File or similar cmdlet
0
 
LVL 9

Expert Comment

by:James Rankin
ID: 41723707
Although that script I linked to does actually write out to a file when the user logs out
0
 

Author Comment

by:Techie solution
ID: 41725217
Created the powershell script , working for domain admins but not for domain users.
Please help.
0
 
LVL 9

Expert Comment

by:James Rankin
ID: 41725229
Can you post the script you are using? Sounds like it is trying to write to HKLM or a restricted filesystem area
0
 

Accepted Solution

by:
Techie solution earned 0 total points
ID: 41725236
$LogPath = "\\X-syslog-01\D$\Logs\LogIn.log"
   
If(!(Test-Path -Path $LogPath)){
    New-Item -Path $LogPath -Value "" -ItemType File  
}
   
$LogValue = "Log In User:"+$env:username+",Time:"+(Get-Date).ToString()+",Machine:"+$env:computername
   
Add-Content -Path $LogPath -Value $LogValue
Add-Content -Path $LogPath -Value "*********************"
   



$LogPath = "\\X-syslog-01\D$\Logs\LogOff.log"
   
If(!(Test-Path -Path $LogPath)){
    New-Item -Path $LogPath -Value "" -ItemType File  
}
   
$LogValue = "Log Off User:"+$env:username+",Time:"+(Get-Date).ToString()+",Machine:"+$env:computername
   
Add-Content -Path $LogPath -Value $LogValue
Add-Content -Path $LogPath -Value "*********************"
0
 
LVL 9

Expert Comment

by:James Rankin
ID: 41725253
The problem is the D ( dollar) share in your log file path is only accessible to administrators. Use a different share , you could simply share the d: drive again under a different share name and use that.
0
 

Author Comment

by:Techie solution
ID: 41725268
what do you mean i am unable to get you.
0
 
LVL 9

Assisted Solution

by:James Rankin
James Rankin earned 2000 total points
ID: 41725305
This is your log path - $LogPath = "\\X-syslog-01\D$\Logs\LogIn.log"

The "d$" share is a hidden share which is only accessible to local Administrators. Therefore the log can only be written by a user with admin rights, hence why it is not working. The second log file path also traverses the d$ share.

Share the D: drive again, this time giving it a different name (for instance "D" instead). Allow Users Read/Write access to the share. Update the log file to $LogPath = "\\X-syslog-01\D\Logs\LogIn.log" This should now work for everyone.

There are security issues possibly attached - you may want to consider a separate file share with no sensitive information underneath, but this should get you going.
0
 

Author Closing Comment

by:Techie solution
ID: 41736367
I wrote the code.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows 10 Creator Update has just been released and I have it working very well on my laptop. Read below for issues, fixes and ideas.
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question