Re: Recording LogonLogoff

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi everyone,

What are we agreeing to?

I am running on a single domain controller (DC) and want to (for HIPPA
security purposes) record (in a log of some sort) users logging on, from
about 15 workstations, to the server which has "electronic patient health
information" (ePHI).

It would be great if I could view it via the Event Viewer, but not
necessarily.

Please straighten me out!

Jim

"SuperGumby [SBS MVP]" wrote:

> no, you use the netlogon share in conjunction with the GPO.
>
> Items in netlogon do not get automatically started.
>
> "Javier Gomez [SBS MVP]" <javier_gomez@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> message news:ugNldW4RFHA.4068@xxxxxxxxxxxxxxxxxxxxxxx
> > One important point is that you should use the Netlogon share *or* GPOs.
> > If you use both... then you will get the same script running 2 times.
> >
> > --
> > Javier [SBS MVP]
> > www.msmvps.com/javier
> > << SBS ROCKS!!! >>
> >
> > "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
> > news:OgzRbB4RFHA.1476@xxxxxxxxxxxxxxxxxxxxxxx
> >> the logon.cmd and logoff.cmd are best stored on the SBS in
> >> C:\WINDOWS\SYSVOL\sysvol\lc.lan\scripts (replace lc.lan with your local
> >> domain), the netlogon folder.
> >>
> >> In a single DC environment you can then set the policy to an absolute UNC
> >> of
> >> \\sbs\netlogon\logon.cmd or \\sbs\netlogon\logoff.cmd.
> >> In a multiple DC AD you might want to use a variable in the specification
> >> %LOGONSERVER%\netlogon\logon.cmd and %LOGONSERVER%\netlogon\logon.cmd as
> >> the
> >> netlogon will be replicated between peer DC's.
> >>
> >> With you putting the file in c:\logon.cmd and c:\logoff.cmd you would
> >> need to
> >> a) copy the files to the same location on every workstation
> >> b) specify the files as c:\logon.cmd and c:\logoff.cmd in the proup
> >> policy
> >> c) manually update all copies if you wanted to implement change
> >>
> >>
> >> "jimtotem" <jimtotem@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:3C6BA91C-4163-421E-A3A4-00746DF16417@xxxxxxxxxxxxxxxx
> >>>I am embarrased to admit it, but I still can't make it work.
> >>> I created the two "logon.cmd" and Logoff.cmd" files and located them on
> >>> my
> >>> root C: drive.
> >>> I then set the Group Polict (Scripts (Logon)) to "logon.cmd"
> >>> I guess I don's know which log file to check? I do not see it in my
> >>> "Event
> >>> Viewer."
> >>>
> >>> "Frustrated" Jim
> >>>
> >>>
> >>> "Kevin Weilbacher [SBS-MVP]" wrote:
> >>>
> >>>> I've updated my blog to reflect Javier's input. Thanks!
> >>>> http://msmvps.com/kwsupport/archive/2005/02/24/36942.aspx
> >>>>
> >>>> --
> >>>> Kevin Weilbacher [SBS-MVP]
> >>>> "The days pass by so quickly now, the nights are seldom long"
> >>>>
> >>>>
> >>>> "Rick Dilley" <rdilley@xxxxxxxxxxxxxxxx> wrote in message
> >>>> news:ehlHjjpRFHA.3560@xxxxxxxxxxxxxxxxxxxxxxx
> >>>> > Exactly Which GP has to be changed?
> >>>> >
> >>>> > RickD
> >>>> >
> >>>> > "Javier Gomez [SBS MVP]" <javier_gomez@xxxxxxxxxxxxxxxxxxxxxxxx>
> >>>> > wrote
> >>>> > in
> >>>> > message news:OYaJEL4PFHA.4024@xxxxxxxxxxxxxxxxxxxxxxx
> >>>> >> GP = Group Policy
> >>>> >>
> >>>> >> --
> >>>> >> Javier [SBS MVP]
> >>>> >> www.msmvps.com/javier
> >>>> >> << SBS ROCKS!!! >>
> >>>> >>
> >>>> >> "Jim" <totemconsultants@xxxxxxxxxxx> wrote in message
> >>>> >> news:05fe01c53f7f$f88c06d0$a601280a@xxxxxxxxxx
> >>>> >> > Please pardon my ignorance, but what is "GP"?
> >>>> >> > Jim
> >>>> >> >>-----Original Message-----
> >>>> >> >>Here's a poor man's way of tracking user login's:
> >>>> >> >>http://msmvps.com/kwsupport/archive/2005/02/24/36942.aspx
> >>>> >> >>
> >>>> >> >>--
> >>>> >> >>Kevin Weilbacher [SBS-MVP]
> >>>> >> >>"The days pass by so quickly now, the nights are seldom
> >>>> >> > long"
> >>>> >> >>
> >>>> >> >>
> >>>> >> >>"Jim" <totemconsultants@xxxxxxxxxxx> wrote in message
> >>>> >> >>news:05cc01c53f7a$33603430$a601280a@xxxxxxxxxx
> >>>> >> >>>I want to record, in a security log file, the users
> >>>> >> >>> logging on and off. I tried to setup the Event Viewer
> >>>> >> >>> Security Log, but do not record anything.
> >>>> >> >>>
> >>>> >> >>> I am using Windows 2000 Serve.
> >>>> >> >>>
> >>>> >> >>> Thank you for your assistance.
> >>>> >> >>>
> >>>> >> >>> Jim
> >>>> >> >>>
> >>>> >> >>
> >>>> >> >>
> >>>> >> >>.
> >>>> >> >>
> >>>> >>
> >>>> >>
> >>>> >
> >>>> >
> >>>>
> >>>>
> >>>>
> >>
> >>
> >>
> >
> >
>
>
>
.

Relevant Pages

  • Active Directory User w/ NT Policy in NetLogon Share?
    ... I need to have an AD use logon to an NT machine, but lock down the NT desktop with a NT policy for that user. ... When I create an NT policy, store it in a Local NetLogon share, lockdown works for a local user, but not an AD domain user. ... Note the users AD account does run a login script, off the AD DC, specified in their account. ... Now this same account does NOT lock down if I put the NT policy in the folder holding the login script. ...
    (microsoft.public.win2000.security)
  • Re: IMissing Netlogon share
    ... Does this mean the netlogon share scripts and policy object files are still ... on the domain server and if I remove all possible partners, ...
    (microsoft.public.windows.server.active_directory)
  • logon script location - 9x clients to 2k3 server
    ... I am assuming it should be on the netlogon share, ... The support company say they will not support, ... unless the workstations are XP, the school cannot afford to upgrade all ... and havent had much experience of w2k3. ...
    (microsoft.public.windows.server.general)
  • Failed to open connection to LDAP
    ... Host:, Port: 389". ... Workstations: Windows 2000 pro, Outlook XP SP3. ... net start netlogon ...
    (microsoft.public.exchange2000.active.directory.integration)
  • Re: Recording LogonLogoff
    ... you use the netlogon share in conjunction with the GPO. ... Items in netlogon do not get automatically started. ... >> In a single DC environment you can then set the policy to an absolute UNC ... >>> I guess I don's know which log file to check? ...
    (microsoft.public.backoffice.smallbiz2000)