Easily track users across a domain
Posted by The Technocrat | Filed under Coding, Geeky, Software
Okay admins, you might someday question of who is logging in to what machines, and when. Simple enough, create a new hidden folder on a server:
\\servername\admin_log$
Now fire up Active Directory and create a new group policy object called 'Login Log'. This GPO applies only to whatever Organizational Units you want to track, and has one thing: a one-line batch file for the login script that says:
echo %username%,logged on,%computername%,%time%,%date% >> \\servername\admin_log$\admin_log.txt
Nice. Now when joe user (domain/juser) logs in to the servers, you have a text file that looks like this:
juser,logged on,pdc,08:31:35.57,Sun 03/05/2006
juser,logged on,webserver,08:41:35.57,Mon 03/06/2006
What's up with the commas? I'm planning ahead for when I change the log's extension to .csv, and make a tool (maybe that imports this csv into a MySQL database + PHP application?) to analyze my entire network's computer usage.
note: you could have a logoff script that logged the logoff times also – but it's up to you…
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Donec libero. Suspendisse bibendum.
Cras id urna. Morbi tincidunt, orci ac convallis aliquam, lectus turpis varius lorem, eu
posuere nunc justo tempus leo. Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Donec libero. Suspendisse bibendum.
Cras id urna.
May 8, 2006 at 5:06 am
I wonder if that can be added iinto the event viewer, with a custom EventID?
May 8, 2006 at 6:52 am
We use a piece of inhouse software that runs as part of the login script too.
It generates an XML file about the PC. The network info, the user info, everything you could possibly think of…. machine type, email config, drives mapped, printers, software installed, software uninstalled etc.
That XML file is then uploaded to a SQL box so we can track all the PCs centrally and see who is where and what config they have. Using historical data we can track who has installed patches, who has removed memory from their machine and who has the Kylie Screensaver installed – at the click of a mouse…
Its amazing and I could’nt do my job without it….
May 8, 2006 at 8:32 am
right, that’s pretty close to what I’m trying to do, except without spending money, and using the CSV file to feed a MySQL/PHP app…
Ideally, there are a lot of apps out there that I’ve seen/used, but this is the cheapest way to do some basic logging…
May 8, 2006 at 9:09 am
Yep.
This was all written by someone who works for our company. I believe that it is going to be sold as a commercial product too (maybe).