How to track users logon/logoff

The Auditing

Option 1:

1. Enable Auditing on the domain level by using Group Policy:

Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy

There are two types of auditing that address logging on, they are Audit Logon Events and Audit Account Logon Events.

Audit "logon events" records logons on the PC(s) targeted by the policy and the results appear in the Security Log on that PC(s).

Audit "Account Logon" Events tracks logons to the domain, and the results appear in the Security Log on domain controllers only

2. Create a logon script on the required domain/OU/user account with the following content:

echo %date%,%time%,%computername%,%username%,%sessionname%,%logonserver% >>
\\SERVER\SHARENAME$\LOGON.LOG

3. Create a logoff script on the required domain/OU/user account with the following content:

echo %date%,%time%,%computername%,%username%,%sessionname%,%logonserver% >>
\\SERVER\SHARENAME$\LOGOFF.LOG

Note: Please be aware that unauthorized users can change this scripts, due the requirement that

the SHARENAME$ will be writeable by users.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Option 2:

Use WMI/ADSI to query each domain controller for logon/logoff events.

Technical Help

Please find our other blogs which related to technical and devotional. We are a team grabing information from technical support forms where many issues solved by real time experianced people in the support forums. most of the issues are fixed by our best fallowers. Our team is working in top MNC companies located in all over India in different technolagies, here we share real time issues and help documents. like Troubleshooting steps, documentation, whitepapers, SOP's and many more, .

Any one can contribute here with your real time issues, though it help to others to find and fix before they fight with support folks.

Technical Help

How to track users logon/logoff

The Auditing

Related Posts

1 comment