Best Way to Do Shared Logins

[Thomas M.]

XP SP2

We have two conflicting needs:

1) We need to have a shared login account on two machines.
2) We need to track who actually logged in on those machines.

I could go into a long-winded explanation on why we need these two
contradictory things, but it would be easier if you just accept that we do.
;-)

What I am thinking about is a shared login, and then maybe some kind of
custom process like a script or custom developed application that forces the
user to provide his or her individual login information. The custom process
would not do any authentication, but would verify that the login is valid
and then log the information to a log file somewhere that the users would
not be able to access. It would be critical that the user be unable to
bypass the custom process.

Any ideas on how best to accomplish both goals?

--Tom

 

[Terry R.]

The date and time was 11/18/2008 4:38 PM, and on a whim, Thomas M.
pounded out on the keyboard:

XP SP2

We have two conflicting needs:

1) We need to have a shared login account on two machines.
2) We need to track who actually logged in on those machines.

I could go into a long-winded explanation on why we need these two
contradictory things, but it would be easier if you just accept that we do.
;-)

What I am thinking about is a shared login, and then maybe some kind of
custom process like a script or custom developed application that forces the
user to provide his or her individual login information. The custom process
would not do any authentication, but would verify that the login is valid
and then log the information to a log file somewhere that the users would
not be able to access. It would be critical that the user be unable to
bypass the custom process.

Any ideas on how best to accomplish both goals?

--Tom

Tom,

Pegasus is a batch file wizard who will hopefully pop in here with a
batch file that would launch on login and would write input to a file
that can be viewed to see who logged in.

--
Terry R.

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

 

[Bruce Chambers]

XP SP2

We have two conflicting needs:

1) We need to have a shared login account on two machines.
2) We need to track who actually logged in on those machines.

I could go into a long-winded explanation on why we need these two
contradictory things, but it would be easier if you just accept that we do.
;-)

What I am thinking about is a shared login, and then maybe some kind of
custom process like a script or custom developed application that forces the
user to provide his or her individual login information. The custom process
would not do any authentication, but would verify that the login is valid
and then log the information to a log file somewhere that the users would
not be able to access. It would be critical that the user be unable to
bypass the custom process.

Any ideas on how best to accomplish both goals?

--Tom

Place a log book beside the console and require the users to make an
entry each time they log in our out of the computer.


--

Bruce Chambers

Help us help you:


http://support.microsoft.com/default.aspx/kb/555375

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot

 

[Terry R.]

The date and time was 11/18/2008 5:00 PM, and on a whim, Terry R.
pounded out on the keyboard:

The date and time was 11/18/2008 4:38 PM, and on a whim, Thomas M.
pounded out on the keyboard:


Tom,

Pegasus is a batch file wizard who will hopefully pop in here with a
batch file that would launch on login and would write input to a file
that can be viewed to see who logged in.

Well, sorry Tom. I didn't think it would be a difficult task to have a
batch file prompt for user initials or something similar on login and
write the input to a log file. Then upon review of the log file, the
initials would be shown along with the time of login.

But I guess Pegasus didn't think he had a way to do it.

--
Terry R.

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

 

[jpatti]

We have a similar need let me know what you end up coming up with as I have
had a tough time thinking of a way to do it.

 

[John John (MVP)]

Maybe this: http://www.forensit.com/Profman/index.htm

John

 

[Terry R.]

The date and time was 11/18/2008 4:38 PM, and on a whim, Thomas M.
pounded out on the keyboard:

XP SP2

We have two conflicting needs:

1) We need to have a shared login account on two machines.
2) We need to track who actually logged in on those machines.

I could go into a long-winded explanation on why we need these two
contradictory things, but it would be easier if you just accept that we do.
;-)

What I am thinking about is a shared login, and then maybe some kind of
custom process like a script or custom developed application that forces the
user to provide his or her individual login information. The custom process
would not do any authentication, but would verify that the login is valid
and then log the information to a log file somewhere that the users would
not be able to access. It would be critical that the user be unable to
bypass the custom process.

Any ideas on how best to accomplish both goals?

--Tom

Hi again Tom,

This method lacks your specifics, but it could be a start. It's a
simple batch file that would be placed into the Startup folder. So
right there, it could be bypassed by holding down Shift (to bypass all
Startup items) or pressing Ctrl-C to terminate the batch file. You
could create a value in the Run key to bypass Shift.

The batch records the users initials (or any one word info) along with
the date and time and writes it to a file. After they enter their
initials, they have to press ENTER F6 ENTER to close the file. In the
example below, I have the info being recorded to a file in the root of
C: named login.txt, again, not validating any login, but on a shared
login, how could any program tell who the different users are specifically?

:: Begin Batch file
@ECHO OFF
ECHO.
ECHO Enter your initials here, and close by pressing Enter, F6, Enter.
ECHO.
ECHO.

FOR /F "tokens=*" %%A IN ('TYPE CON') DO SET INPUT=%%A
DATE /T 1>>c:\login.txt
TIME /T 1>>c:\login.txt
ECHO "%INPUT%" >>c:\login.txt
:: End Batch file


--
Terry R.

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

 

[John John (MVP)]

The date and time was 11/18/2008 4:38 PM, and on a whim, Thomas M.
pounded out on the keyboard:


Hi again Tom,

This method lacks your specifics, but it could be a start. It's a
simple batch file that would be placed into the Startup folder. So
right there, it could be bypassed by holding down Shift (to bypass all
Startup items) or pressing Ctrl-C to terminate the batch file. You
could create a value in the Run key to bypass Shift.

The batch records the users initials (or any one word info) along with
the date and time and writes it to a file. After they enter their
initials, they have to press ENTER F6 ENTER to close the file. In the
example below, I have the info being recorded to a file in the root of
C: named login.txt, again, not validating any login, but on a shared
login, how could any program tell who the different users are specifically?

:: Begin Batch file
@ECHO OFF
ECHO.
ECHO Enter your initials here, and close by pressing Enter, F6, Enter.
ECHO.
ECHO.

FOR /F "tokens=*" %%A IN ('TYPE CON') DO SET INPUT=%%A
DATE /T 1>>c:\login.txt
TIME /T 1>>c:\login.txt
ECHO "%INPUT%" >>c:\login.txt
:: End Batch file

Task Manager> kill cmd.exe = end of batch file... Or right-click on the
Cmd.exe icon on the Taskbar and close it... batch file gone...

John

 

[Terry R.]

The date and time was 11/20/2008 11:32 AM, and on a whim, John John
(MVP) pounded out on the keyboard:

Task Manager> kill cmd.exe = end of batch file... Or right-click on the
Cmd.exe icon on the Taskbar and close it... batch file gone...

John

I did mention above that it could be terminated easily.

--
Terry R.

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

 

[John John (MVP)]

The date and time was 11/20/2008 11:32 AM, and on a whim, John John
(MVP) pounded out on the keyboard:


I did mention above that it could be terminated easily.

Maybe it could run as a Machine Script? I'm not sure if, or how that
might work.

John

 

[Terry R.]

The date and time was 11/20/2008 12:04 PM, and on a whim, John John
(MVP) pounded out on the keyboard:

Maybe it could run as a Machine Script? I'm not sure if, or how that
might work.

John

I used to know of a program called bat2exe that would compile batch
files into executables. It's been years since I used it and I'm not
sure it would work in this case. It still wouldn't address all the OP's
needs, but it would be a start.

--
Terry R.

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

 

[Thomas M.]

but on a shared login, how could any program tell who the different users

are specifically?

Terry,

Thanks for the response.

I am thinking that the process could make a check against AD to verify that
a valid account and password have been entered. If so, it would write the
account name to a log file. I'm thinking that it will require something
like a VB or VC++ script.

BTW, in my original post I indicated that the process would not do any
authentication. That might be a bit misleading because there would need to
be a check against AD, and the password would need to be entered in order to
verify that the owner of the user account is the person logging in.
Otherwise, anyone who knows the user name of a fellow employee, and that is
incredibly simple with an AD-based global address book, could enter another
person's account name to make it look like someone else logged in. So, in
that sense, the process would authenticate those credentials. However,
those credentials would NOT be used to provide access to resources.
Instead, access to resources would be controlled by the rights that have
been granted to the shared login account.

--Tom