I always like to find easy ways to do things. Mick recently shared in the public newsgroup how he maintains a log file of user’s logons and logoffs.
Step 1: Create the following two files using Notepad or your favorite text editor:
——logon.cmd—-
echo logon %username% %computername% %date% %time% >> \\sbs\share\logon.log
—–logoff.cmd—–
echo logoff %username% %computername% %date% %time% >> \\sbs\share\logon.log
Step 2: Update Group Policy to run the appropriate batch file. In Group Policy, go to:
User Configuration-> Windows Settings-> Scripts (Logon/Logoff)-> Logon
Step 3: As users log on and off, your log file should look something like this:
logon June VSXP Tue 22/02/2005 10:39:51.12
logoff June VSXP Tue 22/02/2005 10:41:08.45
logon MickM VSXP Tue 22/02/2005 10:42:01.07
logoff MickM VSXP Tue 22/02/2005 10:42:46.81
Thanx, its works very good.
Great solution. I came up with one very similar on my own, and yours is even better!
Good one. Proposing a different view
My way was pretty similar except I store the logon and logoff in separate user files.
Instead of echo logon %username% %computername% %date% %time% >> \\sbs\share\logon.log
echo logon %computername% – %username% %date% %time% >> \\sbs\share\%computername%.log
And the same for logoff
Saves searching the single logfile.
Also – seeing the date and time on the file attributes gives a quick view as to last updated so saves going into the file itself.
hi,
your way is working fine for the administrator account only in my system, please help me to log the other user accounts in my windows server 2003. Please help me in this regard.
sithi
sithi_dit@rediffmail.com
Sithi,
My guess is you put the file in a share that only the admin group can write to. Put it out in the open and see what happens. You can bury it once you get it working. To bury it, change the permissions on the file so that anyone can write to it. If you put it in a share that only management (or you) can browse to, but everyone can write to, it should work.
Doug
dgeary@gearytech.com
The following works well with 2000, and XP clients. (They need to understand the DATE and TIME variables.
Basically the same as above, but writes to a CSV file which opens a little easier in Excel
echo %COMPUTERNAME%,%USERNAME%,%DATE%,%TIME% >> \\server1\logon$\UserLogon.csv
Thanks for the tip on logging logoff events (I was only using the login script). I will try it now.
If you want to create a separate log file for each user try the following for the filename.
“\\servername\share\%username%.log”
I think I need a little clarity. Where should I put the files once I create them. And where would I find the script with the users log off and log on information? I’m using a sbs 2003. I put the files on //sbs/shared/logon.log.
If you haven’t noticed this is my first crack writing a group policy. Any assistance will be greatly appreciated
Does anyone know how to get the time stamp to read: 01:49 PM instead of 13:49:33.34
Thanks!
i have a workaround script which let you log a specific user in or groups using IFMEMBER.EXE from microsoft resource-kit.
First download resource-kit for appropriate windows version, install and copy IFMEMBER.EXE
to the root directory of your script, if you intend to put *.cmd in each individual folder.
IFMEMBER.EXE need to be in each directory where the script will be excecuted.
1. In Active Directory user and computer.
2. Create a new GLOBAL / SECURITY – GROUP
3. Name “UserMonGroup” (Ofcourse you can choose a different name)
4. Add user that you want to monitor logon/logoff events to “UserMonGroup”
5. Also add “UserMonGroup” Read – write permission to folder directory where the logon.csv will be saved.
——logon.cmd—-
IFMEMBER “rp\UserMonGroup”
if ERRORLEVEL 1 echo %USERNAME%,%COMPUTERNAME%,%CLIENTNAME%,%DATE%,%TIME% >> \\server\logon$\logon.csv
——logoff.cmd—-
IFMEMBER “rp\UserMonGroup”
if ERRORLEVEL 1 echo %USERNAME%,%COMPUTERNAME%,%CLIENTNAME%,%DATE%,%TIME% >> \\server\logon$\logon.csv
I tried it, but it some times it doesn’t work on Windows 2000 ? any idea?
I am new to SBS 2003 and I can’t get the scripts to run. It doesn’t create the CSV file. There are multiple parts of AD. Where is the exact location of the part of AD for the Step 2 User Configuration-> Windows Settings-> Scripts (Logon/Logoff)-> Logon. I found it in multiple locations of the server’s AD. Any help would be greatly appreciated
Hello, this is what I’m looking for, but I am unable to make it work as I expect. It logs only my remote logon to the DC from a local workstation. I get no data when I logon or logoff the domain from the same local workstation. The log file location is a fully shared folder with domain admin and users with full permissions. I saved the files as logon.cmd and logoff.cmd in c:\windows\sysvol\domain\scripts. Then browsed to them when adding to User Configuration-> Windows Settings-> Scripts (Logon/Logoff)-> Logon
Any suggestions?
Nice job… I was looking for something like this for about a week…
Normajm;
This is how I got it to work….
My scripts:
logon.cmd
===========
echo Log-on Script: Login From: %COMPUTERNAME%, User Name: %USERNAME%, Date: %DATE%, Time: %TIME% >> \\sbs-server\monitoring$\%username%.csv
======================================================
Logoff.cmd
============
echo Log-off Script: Log-off From: %COMPUTERNAME%, User Name: %USERNAME%, Login Date: %DATE%, Login Time: %TIME% >> \\sbs-server\monitoring$\%username%.csv
=====================================================
Step by step:
create both logon.cmd and logoff.cmd as described
above
1) Create a folder (c:\monitoring) and shared it as Monitoring$ (the $ will make it a hidden share on the network).
2) give everyone Write permission on the share.
3) Save the scripts here for now. Right click on both files and select Copy (we will use this later)
4) Launched Server Manager and expand Group Policy->Forest->Domains->MyBusiness->Users->SBSUsers
5)Create a policy here (MonitoringPolicy)
6) Edit this policy (right-click Edit)
7) Navigate to User Configuration-> Windows Settings-> Scripts (Logon/Logoff)-> Logon
8) Right-click on Logon and choose Properties…
9) Click Show files button, click Paste and delete logoff.cmd close this window.
10) Click the Add button on the logon properties window. and click Browse (this will open the logon folder)
11) Select the logon.cmd file click open, then OK
12) Click Ok..
13) repete the steps 8 thru 12 (when you paste the files delete the logon.cmd and leave the logoff.cmd)
14) close the GP
15) click Start-> Run and type gpupdate /force
16) Login from a workstation to your network
17) On your server locate the monitoring folder and there you will see the log files created based on the user name….
I hope this helps….
Libis Bueno
Domitek…
Is there a way to log the client IP as well?
Newby, try this…
IPCONFIG |FIND “IP” > %temp%\TEMPIP.txt
FOR /F “tokens=2 delims=:” %%a in (%temp%\TEMPIP.txt) do set IP=%%a
del %temp%\TEMPIP.txt
set IP=%IP:~1%
echo Login From:, %COMPUTERNAME%, User Name:, %USERNAME%, Date:, %DATE%, Time:, %TIME%,%IP% >> \\SERVERNAME\SHARE$\_test.csv
I have been using this script for the last 2 weeks and it has saved me tons of time because I no longer have to scour the security logs for logins to verify that people in our satellite office are actually coming in to work normal hours.
I know you have machine name in there but is there a way to also record IP address in this script?
Thanks to all, I too have been “looking” for a low budget way to do this also. SBS monitoring and reporting should have included this in the reports as a baseline to compare internet usage and email usage
LBueno thanks for the write-up. I have it working for the desktops and terminal server.
The only thing I would suggest that monitoring folder be placed on any volume other C: for security reasons. I make it practice not add anything to that volume if I can.
Interestingly, I found one user not updating the files. I checked the security logs and found that user is logged in and accessing the SBS server. In the pass, the mobile user template was used to create accounts, how of this user the user template was used. That should not be a factor for this policy.
I currently testing the “scripts” at shutdown and startup Computer Configuration-> Windows Settings-> Scripts (startup/shutdown) -> to see it has to with the way the user accesses the system.
Hi I have been looking for some solution regarding logging computer usage timing, like is there a way by we can log The locking and unlocking of the terminal, or when the ScreenSaver starts and stops, so we can monitor whether how long somebody is using the computer for. I dont want to spend dollars to log the session time for a user. Any help will be appreciated. thanks
Cybeh
It appears that the Group Policies on some of the clients are not being updated.
E.g. my user ID will update the files when I login on the terminal server, however if I login on a local client, it will not.
However, the local users on three local clients are logging to the files.
From what I could find on the web, it seems there are issues with GP, SBS W2K3 and some hotfix updates. I have to do more reading.
Hi
When i redirect the time to a .csv file it doesn’t give proper format of time and just shows mm:ss and doesn’t show HH (hours) Ex: In place of 2:13:15 it shows only 13:15.
Please advice on it.
Thanks
-Dinesh
Hi Peter i tried these steps ..
And i’m getting the ip. But I need to maintain the same log to store the terminal server login also. If suppose a user is login in through remote desktop. I need to store the remote ip(I tried with the same script but the local machine ip is coming instead of the remote machines ip). Is it possible to get the remote ip? Kindly help me in this regards.
IPCONFIG |FIND “IP” > %temp%\TEMPIP.txt
FOR /F “tokens=2 delims=:” %%a in (%temp%\TEMPIP.txt) do set IP=%%a
del %temp%\TEMPIP.txt
set IP=%IP:~1%
echo Login From:, %COMPUTERNAME%, User Name:, %USERNAME%, Date:, %DATE%, Time:, %TIME%,%IP% >> \\SERVERNAME\SHARE$\_test.csv
Has any one had any issue with the way the TIME variable is being written to the log file?
Hi, this logon/logoff tracking seems very cool. however, is there a way we can track station’s active time? it’s because our office doesn’t require logon/off, everyone has it’s own station and everyone seems to know a little bit in IT (can’t run software in the background)… please help! any suggesting is appreciated!
Hi,
I was hoping to find a simple program to monitor and log all the logon/logoff’s on my terminal server but I guess I’m back at doing it this way.
I do have a question. My %time% gives a time like 9:03:26,34 instead of 09:03 (or 09:03:26).
In control panel the time is set as HH:mm (or HH:mm:ss).
When I load the .txt or .csv file in Excel, the time fields are shows as text and therefor I cannot calculate the time between logon and logoff.
Changing the cel properties to ‘time’ does not solve this.
Anyone knows how to change this? My manager wants to know how long our remote home workers are logged on so I need to calculate the time. For some reason this suddenly doesn’t work.
Thanks,
Richard
Is there a way to make this script output a log for each day, to make it make a seperate file for each day?
Thanks.
Is there a way to make this script output a log for each day, to make it make a seperate file for each day?
Thanks.
Is there a way to make this script output a files based on date?
If a terminal session has reached it’s idle time limit the session is disconnected.
The disconnected session in still active on the server and this also has an idle time limit.
When that time limit is reached, the session is logged off automatically.
I noticed that the logoff script does not run in this case.
When I log back in again and I check the log file, I see 2 lines with logon information but no line with the logoff information.
Is it possible to run the logoff script for a session that is logged off automatically due to inactivity?
Thanks,
RIchard
Correction to my previous post of November 8….this does seem to work after all.
Does it matter at what level you apply this GPO?
Does anyone know how to make the time variable be the server time, not the user’s time? We have users logging in from all over the world so it makes the results hard to follow because of time zones. How would you standardize the time reported so it is just the server time?
how would I make the time variable be the server time, not the user’s? We have people in different time zones logging in and it makes the logs hard to follow.
Add the following at the top of your script to format the time in HH:MM AM/PM format and also to sync the time to your server (type NET TIME /? for additional options).
~~~~
@ECHO OFF
REM Formats Time variable
FOR /F “TOKENS=*” %%A IN (‘TIME/T’) DO SET TIME=%%A
REM Syncs Time with the server
net time /set /y
This works like a charm!
Excellent idea and implementation.
I have one problem though (obsiously…)
Some of our users are logging on using Terminal server and remotedesktop.
%computername% will display the name of the terminalserver, and not the copmuter the users is logging in from….
Is it possible to log what the computername or the IP of the originating computer??
Any tips or hints on how to accomplish this would be much appreciated.
Works great. Thanks much. I tried a couple methods and settled on LBueno’s script, though I made a few minor changes. Huge help, thanks.
hey, what about using the same script for local workstation. any suggestions how to run it with higher rights than user so user can’t mess with it? 🙂
Thanks for the script guys! I’ll be playing with it to get it just the way we need it!
Thanks Again
JoeA
@J. Sheridan:
Use the %clientname% variable to log the computername of the users pc/laptop.
Not sure how to log the client IP address.
Richard
Logon scripts are only executing when loging locally. When loging from a workstation the logon scripts are not executing. Write permission have been granted to the log files.
From remote machine when running the script manually i.e
\\server1\shared\logon.cmd then the entry is logged in log file.
Any help will be highly useful.
Hey guys/gals, seems to be a lot of people wanting to do this. I’m attempting but am having troubles applying these methods to Win2K Server… Anyone have a “how to” that pertains to what L Bueno wrote for Win2k Server?
1) Create a folder (c:\monitoring) and shared it as Monitoring$ (the $ will make it a hidden share on the network).
2) give everyone Write permission on the share.
3) Save the scripts here for now. Right click on both files and select Copy (we will use this later)
???4) Launched Server Manager and expand Group Policy->Forest->Domains->MyBusiness->Users->SBSUsers
5)Create a policy here (MonitoringPolicy)
6) Edit this policy (right-click Edit)
???7) Navigate to User Configuration-> Windows Settings-> Scripts (Logon/Logoff)-> Logon
8) Right-click on Logon and choose Properties…
9) Click Show files button, click Paste and delete logoff.cmd close this window.
10) Click the Add button on the logon properties window. and click Browse (this will open the logon folder)
11) Select the logon.cmd file click open, then OK
12) Click Ok..
13) repete the steps 8 thru 12 (when you paste the files delete the logon.cmd and leave the logoff.cmd)
14) close the GP
15) click Start-> Run and type gpupdate /force
16) Login from a workstation to your network
17) On your server locate the monitoring folder and there you will see the log files created based on the user name….
Thank you all.
A very good discussion, and easy robust and fast solution.
thank u all.
we need few more lazy people’s guide to get a revolution in sys. administration.
keep it up .
* one more lazy admin.
Manish
figured I’d post this.
I have it both logging in and out going into one csv file, administered via group policies. (work great)
I took it one step further, and created a batch file that at the end of the day will rename the file to the current date. Doing this allows me to keep the log file small, yet still organized via date.
how to:
1. Create a bat file in the same folder as your log share.
2. Note: run the bat file from the same server that the log share is located. (running the bat file from a different computer changed the directory it was being run from, therefor it couldn’t find the csv file, easy fix if someone else wants to look up the solution).
2a. On the computer hosting the share create an “archive.bat” file and use task scheduler to make it run every day.
3. archive.bat should read:
‘——Start Copy ———–
‘ this runs daily using the task scheduler on server: Apple.
‘ Set the Date Format
‘ gotten from http://www.tech-recipes.com/computer_programming_tips956.html
echo on
@REM Seamonkey’s quick date batch (MMDDYYYY format)
@REM Setups %date variable
@REM First parses month, day, and year into mm , dd, yyyy formats and then combines to be MMDDYYYY
FOR /F “TOKENS=1* DELIMS= ” %%A IN (‘DATE/T’) DO SET CDATE=%%B
FOR /F “TOKENS=1,2 eol=/ DELIMS=/ ” %%A IN (‘DATE/T’) DO SET mm=%%B
FOR /F “TOKENS=1,2 DELIMS=/ eol=/” %%A IN (‘echo %CDATE%’) DO SET dd=%%B
FOR /F “TOKENS=2,3 DELIMS=/ ” %%A IN (‘echo %CDATE%’) DO SET yyyy=%%B
‘SET date=%mm%%dd%%yyyy%
SET date=%yyyy%-%mm%-%dd%
‘ Copy and delete the UserLogon.csv. the UserLogon.csv file will be recreated next time someone logs in.
copy UserLogon.csv %date%.csv
del Userlogon.csv
‘————-End copy————-
Or bj, to add the logon / off details to a file that is named after the date just do the following.
Create the 2 batchfiles below (Logon.bat and Logoff.bat)
Add them to the GP as described above.
Username, action, computername, time, date will be saved to a single txt file that has the current date.
The next day all the details are saved to a new txt file with that date and so on.
Then create an xls template to read the data from the txt file so that it sorts it in time and username order.
Note: you will have to mess about with the date variables in order to get the file name in the correct date format that you require.
Logon.bat
———
echo %username% Logged on %computername% %time% %date% >> \\server\share$\%date:~-7,2%-%date:~0,2%-%date:~-4,4%.txt
———
Logoff.bat
———-
echo %username% Logged on %computername% %time% %date% >> \\server\share$\%date:~-7,2%-%date:~0,2%-%date:~-4,4%.txt
———-
I did all as told above, But unable to get the output.
I shared the folder with everyone full access and at NTFS even i granted users the full access but i am unable to get the login/logoff log.
If i run the command on a local client’s command prompt with the output address of local computer i get the output on local computer, but if i give the output network path as \\server1\new folder\%username%.csv and then echo the comand in the comand prompt i get the error as Network path not found. Even if i run ths command as admin i get the same error. The network share are reachable and also fullly accessible. Any help plz
I m using win2k3 as DC and win XP clients.
I ran this and get the network path not found, did anyone figure this out?
Munawar; check the permissions of your shared folder not just the security level.
this will catch you everytime.
Bob
Hi,
I am on Win 2003 standard ed server and i am not the I.T admin and I don’t have access to the active directory. So, how can i track the local logon/logff on my server???
I did not find any “group policy” option but I can see there’s a “local security policy” thing but I do not see any option there to call these scripts.
Any pointers will be appreciated
Thanks
Techie
Hi,
I need to do a script that track the user usage on the computer. Let say if the user uses the computer for 24hr, it will send an email to me. It have the check the logon time and the logoff time. Anyone know how to do this?
Thanks
Patrick
Hello Team,
Thanks for the information. Login batch file works fine, but logoff file works after 20 min of login into system.
If you logon and after 5 minutes you logoff the system Logoff batch dosent works. Result:–. you will get teh login information but not teh logoff information.
Somebody please help to resolve teh issue.
Hi,
We are already doing this, but have a problem on XP, when a user locks his PC at the end of the day and next day comes in and simply unlocks it, the cached login on XP lets him in (though his session with the server is disconnected), and tries in the background to do a authenticate the user on the server.
The handshake/authentication does happen but in this case the login script set through the Group policies does not run.
Does anyone has a solution for this problem. Will help immensely to track such users login time who do not restart or log off their PCs.
Hitendra
Hi All,
Is there any way to import all the data to SQL server as soon as there is any update in output file.
regards
BW
Thank you! Works great!
Hitendra
Did you find a way to do this track lock and unlock computer user also as well.
This works great! But the output file, logs.log, gets overwritten time to time. Does anyone know why and how to prevent?
Is there a way to add this script without using group policy??? We have a bunch of lab computers that we want to add this too by deploying it via ghost console. going to each computer and adding it manually will be a long, time consuming task. Perhaps there’s a way through a registry change?
Hi,
Is there a way to track further based on user’s idle time. The problem is that the scrips will only track when users log-off or log-on. Most users have their own computers, and they never log off..simply just locked the computer when they go home.
Any suggestion is greatly appreciated.
Thanks.
Is there a way to track ‘old’ logons/offs? if someone no longer is using the computer, but want to see a history? is this possible?
Thanks!!