Is there some way of keeping a log of when someone logs on, and possibly the
IP address of where they logged on from?
Thanks.
Create a hidden share on every DC, LogonLog$, where Authenticated users have Read and Write Permissions
and Domain Admins have Full Control.
In a logon script:
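@echo off
setlocal EnableDelayedExpansion
:: Keep the last address ipconfig reports. XP/2003 label the line "IP Address";
:: Vista and later label it "IPv4 Address" and may append "(Preferred)".
for /f "Tokens=1* Delims=:" %%a in ('ipconfig /all^|findstr /c:"IP Address" /c:"IPv4 Address"') do (
 for /f "tokens=1 delims=( " %%i in ('@echo %%b') do (
  set IP=%%i
 )
)
:: US English M/D/Y H:M:S
:: %date% may carry a leading day name (Tue 03/15/2005); handle both forms.
for /f "Tokens=1-4 Delims=/ " %%a in ('@echo %date%') do (
 if "%%d"=="" (
  set MM=0%%a
  set DD=0%%b
  set YY=20%%c
 ) else (
  set MM=0%%b
  set DD=0%%c
  set YY=20%%d
 )
)
:: Keep a 4-digit year and zero-padded 2-digit month and day.
set YY=%YY:~-4%
set MM=%MM:~-2%
set DD=%DD:~-2%
:: S holds seconds followed by hundredths.
for /f "Tokens=1-4 Delims=:. " %%a in ('@echo %time%') do (
 set H=0%%a
 set M=0%%b
 set S=%%c%%d
)
set H=%H:~-2%
set M=%M:~-2%
:: One line per logon: timestamp user computer IP logonserver
@echo %YY%%MM%%DD%%H%%M%%S% %username% %computername% %IP% %LOGONSERVER%>>%LOGONSERVER%\LogonLog$\Logon.log
endlocal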
If you have multiple DCs, periodically create a combined file by sorting the logs together.
Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com
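One way to do the combining step from the answer above, as an added example that is not part of the original post: a PowerShell function that merges the per-DC logs and orders them by the timestamp field. The function name, DC names and sample lines are constructed for illustration; because Authenticated Users can write to the share, the function also sets aside lines that are malformed or whose logon-server field does not match the DC they were read from.

```powershell
# Added example: merge per-DC Logon.log contents into one time-ordered list.
# Line format written by the logon script:
#   YYYYMMDDHHMMSScc username computername IP \\LOGONSERVER
$LinePattern = '^(?<ts>\d{16}) (?<user>.+?) (?<computer>\S+) (?<ip>\S*) (?<dc>\\\\\S+)$'

function Merge-LogonLog {   # hypothetical helper name
    param(
        # Keys: DC as it appears in %LOGONSERVER% (e.g. '\\DC1'); values: that DC's log lines.
        [Parameter(Mandatory)] [hashtable] $LinesByDc
    )
    $records  = @()
    $rejected = @()
    foreach ($dc in $LinesByDc.Keys) {
        foreach ($line in $LinesByDc[$dc]) {
            # Any user can write to the share, so accept only well-formed lines
            # whose logon-server field matches the DC the file was read from.
            if ($line -match $LinePattern -and $Matches.dc -eq $dc) {
                $records += [pscustomobject]@{
                    Timestamp = $Matches.ts
                    User      = $Matches.user
                    Computer  = $Matches.computer
                    IP        = $Matches.ip      # empty if the script found no address
                    DC        = $Matches.dc
                }
            } else {
                $rejected += [pscustomobject]@{ Source = $dc; Line = $line }
            }
        }
    }
    # Fixed-width numeric timestamps sort chronologically as strings.
    [pscustomobject]@{
        Records  = @($records | Sort-Object Timestamp, DC)
        Rejected = $rejected
    }
}

# Constructed sample lines (not real log data); DC1 and DC2 are assumed names.
$sample = @{
    '\\DC1' = @('2005031509054512 alice WS01 192.168.1.20 \\DC1',
                '2005031508301177 bob WS02 192.168.1.21 \\DC1')
    '\\DC2' = @('2005031508455903 carol WS03 192.168.1.22 \\DC2',
                'not a log line')
}
$result = Merge-LogonLog -LinesByDc $sample
$result.Records  | Format-Table -AutoSize
$result.Rejected | Format-Table -AutoSize
# Against real shares, fill the table with Get-Content, e.g.:
#   @{ '\\DC1' = Get-Content '\\DC1\LogonLog$\Logon.log' }
```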