
Steps to Track User Logon in Windows XP / Windows Server 2003

Tracking users means storing information about each user's login, logout and other activity after logging in to the system. Tracking user logins is not a feature of the Windows OS, so if we want to store logon information about all users, we have to write a command-line script or program. This script stores the user data in a secured file that no user except the administrator can modify.

Tracking is useful when we need some secret information about login and logout times, or when we need to count how long a user was connected to the computer.

Here we store the computer name, user name, login date, time and IP address, which is sufficient for user tracking.

Step 1:
Create the following two files using Notepad or any text editor:

LOGON:
Open a text editor and write:

REM Write the ipconfig lines that contain "IP" to a file in the temp folder (temporary use only)
IPCONFIG | FIND "IP" > "%temp%\filename.txt"
REM Take the text after the colon as the IP address
FOR /F "usebackq tokens=2 delims=:" %%a in ("%temp%\filename.txt") do set IP=%%a
REM Delete the temporary filename.txt
del "%temp%\filename.txt"
REM Drop the leading space so that IP holds only the address
set IP=%IP:~1%
REM Append the information to the file named logon.log
echo Login From:, %COMPUTERNAME%, User Name:, %USERNAME%, Date:, %DATE%, Time:, %TIME%,%IP% >> "\\Your Computer Name or IP Address\share$\logon.log"

Save the file with a .cmd extension.
LOGOFF:
Open a text editor and write the same script; just change the file name to logoff.log instead of logon.log.

Save the file with a .cmd extension.

Step 2:

After creating the files, open Group Policy: go to Start -> Run, then type "gpedit.msc". In the Group Policy tree, traverse in the following order: User Configuration -> Windows Settings -> Scripts (Logon/Logoff) -> Logon. Here click "Add" to locate your script, then click OK.

Step 3:

Now go to "Run" from the Start button and type "gpupdate" to update Group Policy.

Step 4:

When users log on and off in your system, your logon file \\Your PC IP Address\SHARE$\logon.log should look like the example below:

logon Zahed User Tue 02/07/2012 10:30:51.12

logoff Johnny User Tue 02/07/2012 11:10:08.45
logon Toypet User Tue 02/07/2012 12:34:01.07
logoff Johnny User Tue 02/07/2012 12:43:46.81

I think it will work, but if you have any confusion regarding this script, do not hesitate to contact me.
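
The following Python example is added here and is not part of the original post. It reads lines in the layout written by the echo command in the logon script, pairs logon.log and logoff.log entries per computer and user to count connected time, and sets aside lines that do not match, since every user's script appends to the shared file. It assumes the US-style %DATE% value seen in the sample output (weekday, then MM/DD/YYYY); the computer names, addresses and the function names parse and sessions are made up for illustration.

```python
import re
from datetime import datetime

# Layout written by the echo line of the logon/logoff scripts (US-style %DATE%).
LINE_RE = re.compile(
    r"^Login From:, (?P<pc>[^,]+), User Name:, (?P<user>[^,]+), "
    r"Date:, \w{3} (?P<date>\d{2}/\d{2}/\d{4}), "
    r"Time:, (?P<time>[ \d]\d:\d{2}:\d{2})\.\d{2},\s*(?P<ip>[\d.]+)\s*$")

def parse(line, kind):
    """Return (when, pc, user, kind, ip), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None  # malformed or hand-edited entry: report it, never guess
    stamp = m["date"] + " " + m["time"].strip()  # %TIME% pads hours < 10 with a space
    return (datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S"), m["pc"], m["user"], kind, m["ip"])

def sessions(logon_lines, logoff_lines):
    """Pair each logon with the next logoff of the same computer and user."""
    events, rejected = [], []
    for kind, lines in (("logon", logon_lines), ("logoff", logoff_lines)):
        for line in lines:
            ev = parse(line, kind)
            (events if ev else rejected).append(ev or line)
    open_at, done, unmatched = {}, [], []
    for when, pc, user, kind, _ip in sorted(events):
        key = (pc, user)
        if kind == "logon":
            if key in open_at:  # earlier session has no logoff entry
                unmatched.append((pc, user, open_at[key]))
            open_at[key] = when
        elif key in open_at:
            done.append((pc, user, when - open_at.pop(key)))
        else:
            unmatched.append((pc, user, when))  # logoff with no logon entry
    unmatched += [(pc, user, t) for (pc, user), t in open_at.items()]
    return done, unmatched, rejected

# Constructed sample lines (made-up hosts and addresses); logoff.log has the same layout.
ROW = "Login From:, %s, User Name:, %s, Date:, Tue 02/07/2012, Time:, %s,%s "
LOGON = [ROW % ("PC01", "zahed", "10:30:51.12", "192.0.2.10"),
         ROW % ("PC02", "johnny", " 9:05:00.00", "192.0.2.11"),
         ROW % ("PC03", "toypet", "12:34:01.07", "192.0.2.12"),
         "zahed was never here"]
LOGOFF = [ROW % ("PC01", "zahed", "11:10:08.45", "192.0.2.10"),
          ROW % ("PC02", "johnny", "12:43:46.81", "192.0.2.11")]

if __name__ == "__main__":
    print(sessions(LOGON, LOGOFF))
```

Entries returned as unmatched or rejected are the ones to review by hand: a logon with no logoff, a logoff with no logon, or a line that does not follow the script's layout.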


Comments

  1. Is there any effect on startup and shutdown in Group Policy?

  2. No, there is no effect unless you change the configuration for Computer Settings -> Windows Settings -> Scripts (Startup/Shutdown).

