LiquidHonesty Posted June 2, 2006 Share Posted June 2, 2006 Ok, here's the jist of what I was wondering if it's possible.I currently have computers in a student computer setting, customized, that work fine. They're all Windows XP SP2 and all the machines are members on a 2003 AD Domain. Each user logs into the workstation with their own AD UN/PW. What I'm wondering is if there's a way to make a script run or something else so whenever a user logs in, it records their USERNAME and the MACHINE NAME that they're logging into and Date/Time, to a text file somewhere. Each machine records to the same file, etc. A database would work too, anything! We need this to keep track of what user was on what machine and at what time. (Note, I can't just look at the machines to find this data out as I use deep freeze and thus all data is removed off the individual machines nightly).Thanks for ANY help or direction pointing you all can provide! Link to comment Share on other sites More sharing options...
janus zeal Posted June 2, 2006 Share Posted June 2, 2006 Map a network drive on the computer where you want the file stored. in \documents and settings\all users\start menu\startup\ create this batch file: @echo off [x]: cd\ echo username:%username%, workstation: %computername%, time:%time%, date:%date% > %date%_%random%.txt exit im not sure how to make a good output file name for this, so its the current date followed by a random number. a simple search inside the text files in the folder could find what you need. replace [x] with the letter of the maped drive. Link to comment Share on other sites More sharing options...
LiquidHonesty Posted June 2, 2006 Author Share Posted June 2, 2006 (edited) Map a network drive on the computer where you want the file stored. in \documents and settings\all users\start menu\startup\ create this batch file: @echo off [x]: cd\ echo username:%username%, workstation: %computername%, time:%time%, date:%date% > %date%_%random%.txt exit im not sure how to make a good output file name for this, so its the current date followed by a random number. a simple search inside the text files in the folder could find what you need. replace [x] with the letter of the maped drive.That kind of works, but it doesn't increment the file, instead each machine just over writes the existing file that's already there which it seems to name "Fri" which I assume is for Friday and it has no extension. This "Fri" file's contents look like this:username:EMITCHELL0001, workstation: SOM-GHOSTLAP, time:17:34:21.92, date:Fri 06/02/2006 06/02/2006_28078.txtBut we're on the right track....thanks a ton for this.Also, any ideas on how to log when they logoff? Edited June 2, 2006 by LiquidHonesty Link to comment Share on other sites More sharing options...
LiquidHonesty Posted June 2, 2006 Author Share Posted June 2, 2006 Ok, I think I got part of it figured out. Seems it was stopping at the "Fri" part of the date and dropping off due to the space. I changed the file creation to ComputerName_Random.txt and I think this will work just fine actually.HOWEVER, any way to increment the same text file instead of creating a new one each time? To make it just create a new file if there's not one there, and if there is just add a line? Link to comment Share on other sites More sharing options...
LiquidHonesty Posted June 2, 2006 Author Share Posted June 2, 2006 Ok, for reference I found it out....if you use >> instead of just > then it adds it to the same file.Thanks again Janus, this will work just fine. However, if anyone knows how to get it to write a logoff as well, please let me know. Link to comment Share on other sites More sharing options...
janus zeal Posted June 3, 2006 Share Posted June 3, 2006 (edited) your welcome, sorry the original code didnt work as i expected. if your having it add to the old file you might as well remove the random number at the end of the file name.i have another idea for this. if it is possable to have them logoff useing a batch file, then you could just use a mod of the file above, and putshutdown -lat the end. Edited June 3, 2006 by janus zeal Link to comment Share on other sites More sharing options...
LLXX Posted June 3, 2006 Share Posted June 3, 2006 (edited) your welcome, sorry the original code didnt work as i expected. if your having it add to the old file you might as well remove the random number at the end of the file name.i have another idea for this. if it is possable to have them logoff useing a batch file, then you could just use a mod of the file above, and putshutdown -lat the end.The logoff.exe can be renamed to something else, and a small program can be written to replace the logoff.exe, to perform whatever is needed before executing the real logoff program. Edited June 3, 2006 by LLXX Link to comment Share on other sites More sharing options...
LiquidHonesty Posted June 3, 2006 Author Share Posted June 3, 2006 your welcome, sorry the original code didnt work as i expected. if your having it add to the old file you might as well remove the random number at the end of the file name.i have another idea for this. if it is possable to have them logoff useing a batch file, then you could just use a mod of the file above, and putshutdown -lat the end.The logoff.exe can be renamed to something else, and a small program can be written to replace the logoff.exe, to perform whatever is needed before executing the real logoff program.Hrm, this is a thought. Can you create .exe files from .cmd? Also, if the file can't be written (ie, network is down) will it go ahead and execute the logoff command? Link to comment Share on other sites More sharing options...
janus zeal Posted June 3, 2006 Share Posted June 3, 2006 (edited) your welcome, sorry the original code didnt work as i expected. if your having it add to the old file you might as well remove the random number at the end of the file name.i have another idea for this. if it is possable to have them logoff useing a batch file, then you could just use a mod of the file above, and putshutdown -lat the end.The logoff.exe can be renamed to something else, and a small program can be written to replace the logoff.exe, to perform whatever is needed before executing the real logoff program.Hrm, this is a thought. Can you create .exe files from .cmd? Also, if the file can't be written (ie, network is down) will it go ahead and execute the logoff command? yes, and yes. if you want to you can make the batch file and i can compile it into an exe. (send PM)the only problem is that i dont think the computer calls logoff.exe when someone clicks logoff. im going to do a test to see...---edit---that wont work, logoff.exe isnt called. its an api call to shell32.dll (not sure about the dll).i still think that telling them to use a batch file to logoff would work, then remove the logoff command from the startmenu. Edited June 3, 2006 by janus zeal Link to comment Share on other sites More sharing options...
Mr Snrub Posted June 3, 2006 Share Posted June 3, 2006 I would use a simpler logon script batch file:echo %username% logged ON at %time% on %date% >> \\some_server\share\folder\logon-%computername%.txtReplace the UNC path with something more appropriate, no need to map a drive letter or change working directly, disable echo, etc. for such a simple log.It is possible to set up logoff scripts in the same way via Group Policy if you want to record when users logged off the machine too.User Configuration / Windows Settings / Scripts (Logon/Logoff) -> Logoffecho %username% logged OFF at %time% on %date% >> \\some_server\share\folder\logon-%computername%.txtThis would generate and append to a single log file per workstation, recording the logon and logoff time of every user - so long as the client machine can reach the share and the user has write access to the log.(So it might be wise to create the share with a $ appended so it is hidden from browsing.) Link to comment Share on other sites More sharing options...
janus zeal Posted June 3, 2006 Share Posted June 3, 2006 duh! i cant beleve i forgot about that. the only thing to be carefull of is that cmd is wierd about how it handles UNC paths. Link to comment Share on other sites More sharing options...
Mr Snrub Posted June 3, 2006 Share Posted June 3, 2006 (edited) Handling of UNC paths is not usually a problem, however a command prompt does like a drive letter associated with it to have a valid current working directory, so if the batch file were not local then it could have a problem.You could have the batch file present somewhere on each client's local drive, locked in by Deep Freeze, then use either a local policy or group policy to start it to avoid this problem.Or, you could use a script to achieve the same result and this can happily be run from a UNC path (such as the folder where the group policy files are located on the DCs) - this would save you having multiple copies of the script/batch file all over the place:Logon Script:' Variables for use in the scriptconst ForAppending = 8dim objShelldim strUsername, strComputername, strSessiondim objFSO, objFiledim strFilename' Get the environment strings into variablesSet objShell = WScript.CreateObject("WScript.Shell")strUserName = objShell.ExpandEnvironmentStrings("%USERNAME%")strComputerName = objShell.ExpandEnvironmentStrings("%COMPUTERNAME%")strSession = objShell.ExpandEnvironmentStrings("%SESSIONNAME%")' Prepare the file for appending, create if necessarystrFilename = "\\SERVERNAME\SHARENAME\FOLDERNAME\logon-logoff.log"Set objFSO = CreateObject("Scripting.FileSystemObject")Set objFile = objFSO.OpenTextFile(strFilename, ForAppending, True)' Write the line to the log fileobjFile.WriteLine(Date() & " " & Time() & " - " & strUserName & " logged ON to " & strComputerName & " (session: " & strSession & ")")' Close the fileobjFile.CloseLogoff Script:' Variables for use in the scriptconst ForAppending = 8dim objShelldim strUsername, strComputernamedim objFSO, objFiledim strFilename' Get the environment strings into variablesSet objShell = WScript.CreateObject("WScript.Shell")strUserName = objShell.ExpandEnvironmentStrings("%USERNAME%")strComputerName = objShell.ExpandEnvironmentStrings("%COMPUTERNAME%")' Prepare the file for appending, create if necessarystrFilename = "\\SERVERNAME\SHARENAME\FOLDERNAME\logon-logoff.log"Set objFSO = CreateObject("Scripting.FileSystemObject")Set objFile = objFSO.OpenTextFile(strFilename, ForAppending, True)' Write the line to the log fileobjFile.WriteLine(Date() & " " & Time() & " - " & strUserName & " logged OFF " & strComputerName)' Close the fileobjFile.CloseThis appends all the logon/logoff events into a single log file with the date, time, client name & session ID (so it covers Terminal Services too).Save them as 2 separate .vbs files and create a group policy with them both called accordingly via:User Configuration / Windows Settings / Scripts (Logon/Logoff) -> LogonUser Configuration / Windows Settings / Scripts (Logon/Logoff) -> LogoffCopy the .vbs files into the folder in the SYSVOL share where the policy resides and they are guaranteed (so long as the client has a working scripting engine) to execute if the policy is processed. Edited June 3, 2006 by Mr Snrub Link to comment Share on other sites More sharing options...
janus zeal Posted June 3, 2006 Share Posted June 3, 2006 tested with my old win2k AD server, it works. Link to comment Share on other sites More sharing options...
LiquidHonesty Posted June 4, 2006 Author Share Posted June 4, 2006 Sweet! I'm going to try them both on Monday when I get back to work Link to comment Share on other sites More sharing options...
XP_2600 Posted June 4, 2006 Share Posted June 4, 2006 janus zeal thanks man its helpful, better than auditing. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now