Re: Recording LogonLogoff
- From: "jimtotem" <jimtotem@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 26 Apr 2005 11:08:06 -0700
I'm sure that some of you are thinking that I should: "Take your hands off
the keyboard and step back from the computer!"
I just want instructions to record anyone accessing the single DC server
from any of about 15 workstations.
Our server is set up with "WINNT\SYSVOL\sysvol\hkc.01\Policies and Scripts"
folders and no "\\sbs\netlogon\" folders.
Jim
"Kevin Weilbacher [SBS-MVP]" wrote:
> Ahh ... the world is still big enough for us to have a choice ...
>
> Tastes great ...
> Less filling ...
>
> --
> Kevin Weilbacher [SBS-MVP]
> "The days pass by so quickly now, the nights are seldom long"
>
>
> "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
> news:O4ZHGz5RFHA.2136@xxxxxxxxxxxxxxxxxxxxxxx
> > we're agreeing to disagree :-) not unusual for us.
> >
> > How you implement such a thing is one of those 'choice' things:
> > You can enable logon/logoff auditing and use the Event Logs or you can
> > implement the scripts and have a simple text file (which BTW very easily
> > imports into Excel).
> >
> > I know which I prefer, umm, Kev's method (BWAHAHHAAHAHAHA).
> >
> > "jimtotem" <jimtotem@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:032F32DD-75F3-47C2-AA9D-CAD7D604F960@xxxxxxxxxxxxxxxx
> >> Hi everyone,
> >>
> >> What are we agreeing to?
> >>
> >> I am running on a single domain controller (DC) and want to (for HIPAA
> >> security purposes) record (in a log of some sort) users logging on, from
> >> about 15 workstations, to the server which has "electronic patient health
> >> information" (ePHI).
> >>
> >> It would be great if I could view it via the Event Viewer, but not
> >> necessarily.
> >>
> >> Please straighten me out!
> >>
> >> Jim
> >>
> >> "SuperGumby [SBS MVP]" wrote:
> >>
> >>> no, you use the netlogon share in conjunction with the GPO.
> >>>
> >>> Items in netlogon do not get automatically started.
> >>>
> >>> "Javier Gomez [SBS MVP]" <javier_gomez@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
> >>> in
> >>> message news:ugNldW4RFHA.4068@xxxxxxxxxxxxxxxxxxxxxxx
> >>> > One important point is that you should use the Netlogon share *or*
> >>> > GPOs.
> >>> > If you use both... then you will get the same script running 2 times.
> >>> >
> >>> > --
> >>> > Javier [SBS MVP]
> >>> > www.msmvps.com/javier
> >>> > << SBS ROCKS!!! >>
> >>> >
> >>> > "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
> >>> > news:OgzRbB4RFHA.1476@xxxxxxxxxxxxxxxxxxxxxxx
> >>> >> the logon.cmd and logoff.cmd are best stored on the SBS in
> >>> >> C:\WINDOWS\SYSVOL\sysvol\lc.lan\scripts (replace lc.lan with your
> >>> >> local
> >>> >> domain), the netlogon folder.
> >>> >>
> >>> >> In a single DC environment you can then set the policy to an absolute
> >>> >> UNC
> >>> >> of
> >>> >> \\sbs\netlogon\logon.cmd or \\sbs\netlogon\logoff.cmd.
> >>> >> In a multiple DC AD you might want to use a variable in the
> >>> >> specification
> >>> >> %LOGONSERVER%\netlogon\logon.cmd and %LOGONSERVER%\netlogon\logon.cmd
> >>> >> as
> >>> >> the
> >>> >> netlogon will be replicated between peer DC's.
> >>> >>
> >>> >> With you putting the file in c:\logon.cmd and c:\logoff.cmd you would
> >>> >> need to
> >>> >> a) copy the files to the same location on every workstation
> >>> >> b) specify the files as c:\logon.cmd and c:\logoff.cmd in the group
> >>> >> policy
> >>> >> c) manually update all copies if you wanted to implement change
> >>> >>
> >>> >>
> >>> >> "jimtotem" <jimtotem@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >>> >> news:3C6BA91C-4163-421E-A3A4-00746DF16417@xxxxxxxxxxxxxxxx
> >>> >>>I am embarrassed to admit it, but I still can't make it work.
> >>> >>> I created the two "logon.cmd" and "Logoff.cmd" files and located them
> >>> >>> on
> >>> >>> my
> >>> >>> root C: drive.
> >>> >>> I then set the Group Policy (Scripts (Logon)) to "logon.cmd"
> >>> >>> I guess I don't know which log file to check? I do not see it in
> >>> >>> my
> >>> >>> "Event
> >>> >>> Viewer."
> >>> >>>
> >>> >>> "Frustrated" Jim
> >>> >>>
> >>> >>>
> >>> >>> "Kevin Weilbacher [SBS-MVP]" wrote:
> >>> >>>
> >>> >>>> I've updated my blog to reflect Javier's input. Thanks!
> >>> >>>> http://msmvps.com/kwsupport/archive/2005/02/24/36942.aspx
> >>> >>>>
> >>> >>>> --
> >>> >>>> Kevin Weilbacher [SBS-MVP]
> >>> >>>> "The days pass by so quickly now, the nights are seldom long"
> >>> >>>>
> >>> >>>>
> >>> >>>> "Rick Dilley" <rdilley@xxxxxxxxxxxxxxxx> wrote in message
> >>> >>>> news:ehlHjjpRFHA.3560@xxxxxxxxxxxxxxxxxxxxxxx
> >>> >>>> > Exactly Which GP has to be changed?
> >>> >>>> >
> >>> >>>> > RickD
> >>> >>>> >
> >>> >>>> > "Javier Gomez [SBS MVP]" <javier_gomez@xxxxxxxxxxxxxxxxxxxxxxxx>
> >>> >>>> > wrote
> >>> >>>> > in
> >>> >>>> > message news:OYaJEL4PFHA.4024@xxxxxxxxxxxxxxxxxxxxxxx
> >>> >>>> >> GP = Group Policy
> >>> >>>> >>
> >>> >>>> >> --
> >>> >>>> >> Javier [SBS MVP]
> >>> >>>> >> www.msmvps.com/javier
> >>> >>>> >> << SBS ROCKS!!! >>
> >>> >>>> >>
> >>> >>>> >> "Jim" <totemconsultants@xxxxxxxxxxx> wrote in message
> >>> >>>> >> news:05fe01c53f7f$f88c06d0$a601280a@xxxxxxxxxx
> >>> >>>> >> > Please pardon my ignorance, but what is "GP"?
> >>> >>>> >> > Jim
> >>> >>>> >> >>-----Original Message-----
> >>> >>>> >> >>Here's a poor man's way of tracking user logins:
> >>> >>>> >> >>http://msmvps.com/kwsupport/archive/2005/02/24/36942.aspx
> >>> >>>> >> >>
> >>> >>>> >> >>--
> >>> >>>> >> >>Kevin Weilbacher [SBS-MVP]
> >>> >>>> >> >>"The days pass by so quickly now, the nights are seldom
> >>> >>>> >> > long"
> >>> >>>> >> >>
> >>> >>>> >> >>
> >>> >>>> >> >>"Jim" <totemconsultants@xxxxxxxxxxx> wrote in message
> >>> >>>> >> >>news:05cc01c53f7a$33603430$a601280a@xxxxxxxxxx
> >>> >>>> >> >>>I want to record, in a security log file, the users
> >>> >>>> >> >>> logging on and off. I tried to setup the Event Viewer
> >>> >>>> >> >>> Security Log, but do not record anything.
> >>> >>>> >> >>>
> >>> >>>> >> >>> I am using Windows 2000 Server.
> >>> >>>> >> >>>
> >>> >>>> >> >>> Thank you for your assistance.
> >>> >>>> >> >>>
> >>> >>>> >> >>> Jim
> >>> >>>> >> >>>
> >>> >>>> >> >>
> >>> >>>> >> >>
> >>> >>>> >> >>.
> >>> >>>> >> >>
> >>> >>>> >>
> >>> >>>> >>
> >>> >>>> >
> >>> >>>> >
> >>> >>>>
> >>> >>>>
> >>> >>>>
> >>> >>
> >>> >>
> >>> >>
> >>> >
> >>> >
> >>>
> >>>
> >>>
> >
> >
>
>
>
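The script route discussed in the thread (one file in the netlogon folder, referenced from Group Policy by UNC path, appending to a text file that imports into Excel) could look like the following. This is an added example, not part of the original posts and not the script from the linked blog entry; the share name `\\sbs\logonlog$` and the per-workstation file naming are assumptions.

```batch
@echo off
rem Added example: save this same content as both logon.cmd and logoff.cmd
rem in the netlogon folder, then point the Group Policy logon and logoff
rem script settings at \\sbs\netlogon\logon.cmd and \\sbs\netlogon\logoff.cmd.
setlocal

rem ASSUMPTION: \\sbs\logonlog$ is a hypothetical share created for this log.
rem Domain users need permission to create and append files in it.
set LOGDIR=\\sbs\logonlog$

rem %~n0 is this script's own file name without extension, so the record
rem says "logon" or "logoff" depending on which copy Group Policy ran.
set EVENT=%~n0

rem Do not delay or break the user's logon if the share is unreachable.
if not exist "%LOGDIR%\" goto :done

rem One file per workstation, so the 15 machines do not contend for one file.
rem Fields are quoted because %DATE% and %TIME% are locale-formatted and
rem may themselves contain commas.
>>"%LOGDIR%\%COMPUTERNAME%.csv" echo "%DATE%","%TIME%","%EVENT%","%USERDOMAIN%\%USERNAME%","%COMPUTERNAME%","%LOGONSERVER%"

:done
endlocal
```

The records land in the `.csv` files on that share, not in Event Viewer. Because every user must be able to write to the share, treat these files as a convenience record rather than tamper-resistant audit evidence.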