How to track users logon/logoff using a script

0

How to track users logon/logoff

The Auditing(Option 1)

1. Enable Auditing on the domain level by using Group Policy:
2. Go to Computer Configuration / Windows Settings/ Security Settings/Local Policies / Audit Policy
3. There are two types of auditing that address logging on, they are Audit Logon Events and Audit Account Logon Events.
4. Audit “logon events” records logins to the PC(s) targeted by the policy and the results appear in the Security Log on that PC(s).
5. Audit “Account Logon” Events tracks logons to the domain,and the results appear in the Security Log on domain controllers only.
How to track users logon/logoff using a script
How to track users logon/logoff using a script

Option 2

  1. Crete a logon script on the required domain/OU/user account with the following content:
    echo %date% , %time%, %computername%, %username% , %sessionname%, %logonserver% > > \\SERVER\SHARENAME$\LOGOFF.LOG

2. Create a logoff script on the required domain/OU/user account with the following content:

echo %date% , %time%, %computername%, %username% , %sessionname%, %logonserver% > > \\SERVERSHARENAME$LOGOFF.LOG

NOTE : Please be aware that unauthorized users can change the scripts, due to the requirement that the SHARENAME$ will be writeable by users.

Option 3:

Use WMI/ ADSI to query each domain controller for logon/logoff events.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.