Skip to main content

Steps to Track user logon in Windows XP/ Windows Server 2003

Tracking user is related to store information about user login, logout and other activity after login to the system. Track user login is not a feature of windows OS. So if we want to store logon information about all users, we have to write a command line script or program. This script stores user data in a secure file which has no modification access to all users except administrator.

Tracking is useful when we need some secret information about login and logout time or if we need to count time of user connectivity with the computer.

Here we store user computer name, user name, login date, time and IP address, which is sufficient for user tracking.

Step 1:
Create the following two files using Notepad or any text editor:

LOGON:
Open Text editor and write:

IPCONFIG |FIND "IP" > %temp%\filename.txt  //file in temp folder for temporary use only
FOR /F "tokens=2 delims=:" %%a in (%temp%\filename.txt) do set IP=%%a
del %temp%\filename.txt //delete temporary filename.txt
set IP=%IP:~1%  //set IP address to IP
echo Login From:, %COMPUTERNAME%, User Name:, %USERNAME%, Date:, %DATE%, Time:, %TIME%,%IP% >> \\Your Computer Name or IP Address\share$\logon.log  //print information on the file named logon.log

Save file with .cmd extention.
How can edit gpedit.msc to track user logon in Windows XP/ Windows Server 2003
Edit Group Policy
LOGOFF:
Open Text editor and write:

Just change file name logoff.log instead of logon.log;
 Save file with .cmd extention.

Step 2:
After creating file, you should go to Group Policy by Start->Run->then type “gpedit.msc”. In Group Policy Tree, Traverse the tree in following order: User Configuration-> Windows Settings-> Scripts (Logon/Logoff)-> Logon, Here Click "Add" to locate your script location, then click OK.
Step 3:
Now go to "Run" from start button and type “gpupdate” to update Group Policy.

Step 4:
When users log on and off in you system, your logon file \\Your PC IP Address\SHARE$\logon.log should looks like below example:

logon Zahed User Tue 02/07/2012 10:30:51.12
logoff Johnny User Tue 02/07/2012 11:10:08.45
logon Toypet User Tue 02/07/2012 12:34:01.07
logoff Johnny User Tue 02/07/2012 12:43:46.81

I think it will work, but if have any confusion regarding this script; do not hesitate to contact with me.

Labels:

Comments

  1. AnonymousFriday, January 06, 2012 4:32:00 PM

    Is there any effect on Start up and shut down on Group Policy

    ReplyDelete
  2. Mohammad Zahed HossainSunday, January 08, 2012 2:04:00 PM

    No there is no effect unless you change configuration for Computer Settings->Windows Settings ->script(Shutup/Shutdown)

    ReplyDelete

Post a Comment

Popular posts from this blog

Facebook timeline recent activity and post disappeared

Facebook Timeline gives our profile a new graphical look. It also launches many new features. Activity log is one of them where we will find all of our recent activities on profile, example: Any “Like” on own or others post, comments, status update, add new photos, invites someone to add group, add albums, send friend request etc. But sometimes we face problem with disappear recent activity from Facebook timeline or wall post from profile. This problem is one of the common problems in new feature. It may happen in two stage of your account.  - When your account transfer from old wall view to Timeline or New profile in Timeline. - Another stage is for existing Timeline account, where recent activity disappears without any specific reason. The first case we can handle very easily. It basically happen due to transfer and the solution depends on visibility of your post or activity like (Public, Friends and Custom). Now set your visibility settings from privacy setting or directly...
21 comments
Read more

Settings to allow or hide Facebook post on Timeline

In Facebook timeline new feature supports allow or hide your post on timeline. This feature is very useful when you need privacy for your posting. By this feature you can decide which timeline posts are visible in your timeline and which are hidden. This situation arises after few days of your posting when you think that you previous writings must not show in your profile. Then you need to hide it from others. There is another option which is delete post. If you delete a post it will permanently removed, but it may required later. Then you can not retrieve it. But if you hide it, then you can retrieve it very easily whenever necessary.  Here I describe steps to show or hide posting in timeline:- 1. Login in to your Facebook profile.   2. Click on Activity Log button (Activity Log Button is Right bottom side of your cover image).   3. A new window will open, now Select "All/Your Post/Others Post" from drop-down (Right upper side of the page). 4. You will see al...
8 comments
Read more

Speed up computer without any software in Windows OS

There are many software to speed up your computer, But I will give you some trick to speed up your PC very easily. You may know common issues which can effect on speed of your computer from this post. Steps to speed up your PC : 1. Install spyware and antivirus to get rid of spyware and antivirus from your computer.You can get many free spyware and antivirus from internet. But before install, be sure about the software because some of them slow your PC speed. Run full check of your system area and HDD. 2. Enable your firewall, if you have built in firewall with your antivirus or internet security software then your windows firewall will be disable, but you must ensure your firewall is enable to protect your computer. You can change your firewall from the link: http://latestitsupport.blogspot.com/2011/12/how-to-turn-off-or-turn-on-windows.html 3. Free up your disk space to speed up your computer. Disk Clean up is an important tool to free disk space of Windows OS. You can easily cle...
4 comments
Read more