Re: login/logoff Report

..... following entry in the [string] section is too long and has been
truncated...

Make sure you have hotfix 842933 applied to the SBS server

"The following entry in the [strings] section is too long and has been
truncated" error message when you try to modify or to view GPOs in Windows
Server 2003, Windows XP Professional, or Windows 2000
http://support.microsoft.com/?id=842933

Then go back to my 3rd reply in this thread and look at the attachment.
It's a screen shot of the Server Management Console and shows you where to
add the logon/logoff ".cmd" scripts.


-- Procedure to apply "Lazy Man's" Logon/Logoff Tracking to an SBS 2003
network --

SHARE FOLDER
Create a "logging folder" share on your SBS server (maybe call it TLOLO -
Track LogOn LogOff)
Make sure the "logging folder" share has Share Permissions: Everyone

Make sure the "logging folder" share has Security Permissions:

Domain Users: read-write

Domain Admins: Full



SCRIPTS

Create the following .cmd files in a text editor
(Edit the .cmd files to reference your "logging folder" share location)

------logon.cmd----
echo logon %username% %computername% %date% %time% >> \\sbs\share\logon.log

-----logoff.cmd-----
echo logoff %username% %computername% %date% %time% >> \\sbs\share\logon.log

EDIT DEFAULT DOMAIN GROUP POLICY
- Put the newly created logon.cmd and logoff.cmd on your SBS desktop
- Open Server Management
- Resize the Server Management window so you can see both it and the .cmd
files on your desktop
- In Server Management, select: Advanced Management | Group Policy
Management | Forest: <your forest name> | Domains | <yourdomain>
- Now right click on: Default Domain Policy | Edit... | User Configuration
| Windows Settings | Scripts

In the right pane, you'll see the Logon and Logoff policies. Again, resize
all windows as necessary so you can see your ".cmd" files on the desktop.

- Double click on the "Logon" script in the right pane to bring up the
Logon Properities windows
- Then click on "Show Files..."
- Drag the Logon.cmd from your desktop into the new window that "Show
Files..." has just opened
- Now close this "Show Files..." window
- Back in the Logon Properites window, click on "Add" | Browse | highlight
Logon.cmd | click Open | click OK | click Apply | click OK

- Double click on the "Logoff" script in the right pane to bring up the
Logoff Properities windows
- Then click on "Show Files..."
- Drag the Logoff.cmd from your desktop into the new window that "Show
Files..." has just opened
- Now close this "Show Files..." window
- Back in the Logoff Properites window, click on "Add" | Browse | highlight
Logoff.cmd | click Open | click OK | click Apply | click OK
- Close all GPO windows.


APPLY THE NEW GROUP POLICY

- On the SBS server: Start | Run | type: gpupdate /force | OK



NOTE: While the gpupdate command should apply the new "logon/logoff
tracking" Group Policy, you may want to reboot all workstations.



Now when you users authenticate to the SBS server via any workstation in the
domain, a logon or logoff event will be captured in your "logging folder".
This can be read with a text editor (Notepad) or can be copied into an Excel
spread*** for better manipulation/viewing.



VIEWING LOGON.LOG WITH EXCEL



Column A... Logon/Logoff
Column B... Username
Column C... Workstation
Column D... Day
Column E... Date
Column F... Time


- Drag a copy of the Logon.log to the desktop

- Right click logon.log and select .Open with: Excel

- Select all of Column A

- From the top menu, select Data | Text to Columns | Next | delimiter:
Space | Next | Finish

- Select all of Column F

- From the top menu, select Format | Cells | Time | (format) 1:30 pm

- Select entire spread***

- Data | Sort | Columns C (ascending) | Column E (ascending) | Column F
(ascending)

(Workstation, Date, Time)



--
Merv Porter [SBS MVP]
===================================

"hijack" <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:14B22E3D-553C-47BC-A5E1-8CAF2E21B2C9@xxxxxxxxxxxxxxxx
Still no joy. Did I locate the logon / logoff scripts in the correct
place?
On the server, in run, i used gpedit.msc and located the area as
specified.
This was done under the "local computer policy". However when I use
gpedit.msc a few warnings appear, titled "Administrative Templates" - The
following entry in the [string] section is too long and has been
truncated.
Allows you to view and change a a list of DCOM server application
id(appids)
which are exempted from the DCOM Activation security check. DCOM uses two
such lists, one configured via group Policy settings and the other via the
actions. - OK. The other messages are a little different to this.
--
Thanks for the help
Jack


"Merv Porter [SBS-MVP]" wrote:

See if this helps...

"Users" and "Domain Users" are not the same.

Permissions on a file server
http://technet2.microsoft.com/WindowsServer/en/Library/86987829-3f74-412f-abb8-c8b22b07257d1033.mspx?mfr=true

Managing Access to Resources
http://www.examcram2.com/articles/article.asp?p=102341&rl=1

Share/NTS Permissions
http://www.windowsecurity.com/articles/Share-Permissions.html


Make sure you're logged onto the SBS server as a domain admin.
Right click on the shared folder and select "Sharing and Securty...".
Under the Sharing tab, click on the Permissions button
Under the Share Permissions tab, put a checkmark in the "Full Control"
box
Click OK

Click on the Security tab.
Click Add.
In the field for "Enter the object names to select", type: domain
admins
Click OK
In the section marked "Permissions for Domain Admins", put a checkmark in
"Full Control" box under "Allow"
Click Add.
In the field for "Enter the object names to select", type: domain users
Click OK
In the section marked "Permissions for Domain Users", put a checkmark in
the
"Read" and a checkmark in "Write" boxes under "Allow"
Click the Apply button
Click OK


--
Merv Porter [SBS MVP]
===================================
"hijack" <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FE07EAA3-4A57-405B-8386-7EAEE4138A59@xxxxxxxxxxxxxxxx
Thanks for being so patient. I am having difficulty in setting up the
permissions. Most of these are grayed out and cannot be changed.
Are users and domain users the same group? Please point me to more
reading
on permission setup (simple reading).
--
Thanks for the help
Jack


"Merv Porter [SBS-MVP]" wrote:

On the shared (log) folder, check the permissions again and make sure
the
Share Permissions are Everyone: FULL and the Security Permissions
are
Domain Users: read-write.

--
Merv Porter [SBS MVP]
===================================
"hijack" <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:13C86F3E-E26D-4BA3-B0C7-918316E14C17@xxxxxxxxxxxxxxxx
I did a bit of reading on UNC and tried various formats. My SBS is a
folder
that is shared with full access and so is the share folder. ( The
path
is
C:\SBS\Share\logon.log)
On my local PC \\computername\folder\logon.log does not register any
entries
in the log file. On my server I have tried
\\servername.domain.local\folder\logon.log . Only administrator
login's
are
registered in the file if I go t start -> logoff ( this via RWW).
The
client
logon entries were not registered at all.

--
Thanks for the help
Jack


"Merv Porter [SBS-MVP]" wrote:

Have you tried using the UNC path to the log?

\\<sbs>\share\logon.log

The script should log any authentication to the server or a
workstation,
even via RWW.

--
Merv Porter [SBS MVP]
===================================
"hijack" <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F474FAAE-17BD-422B-A380-B8E82E8666DF@xxxxxxxxxxxxxxxx
When the clients login or out the logon.log file does not
register
any
entries (blank). I access the server via RWW and am not sure
whether
this
type of login will register on the server. Could there be a
problem
with
the
active directory setup?
--
Thanks for the help
Jack


"Merv Porter [SBS-MVP]" wrote:

Do you mean that the log only shows entries for the
workstations,
not
the
SBS server?

On the SBS server, my logon.cmd contains:

echo logon %username% %computername% %date% %time% >>
\\<servername>\share\logon.log

The share has permissions... domain users: read-write, domain
admins:
Full

See attachment.

--
Merv Porter [SBS MVP]
===================================
"hijack" <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F113DD38-8003-4207-BB94-F5D482B5C6D4@xxxxxxxxxxxxxxxx
I can only get this to work on my PC and not the server. My
logon.cmd
file
contains "echo logon %username% %computername% %date% %time%
>>
C:\sbs\share\logon.log".
Must some kind of scripting be turned on on the server to get
this
to
work?

--
Thanks for the help
Jack


"Merv Porter [SBS-MVP]" wrote:

Everything is done on the SBS server only. When any device
logs
into/off
of
the domain (the domain controller - the SBS server), the
logon/logoff
info
is recorded.

The only issue I've seen in the log is when an RWW session
(i.e.,
RDP
to
a
LAN workstation) is allowed to time out. This leaves the RDP
session
still
running on the workstation. The log will show that the user
has
not
logged
off the workstation but if another user tries to RDP to that
same
workstation, they will be informed that the workstation is
locked.
This
really isn't a problem with the logging procedure, just a
pain
to
decipher
at times.

--
Merv Porter [SBS MVP]
===================================
"hijack" <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:549A803F-3D9A-4727-B5AC-DB16759F0BE4@xxxxxxxxxxxxxxxx
Must the two files with the cmd extention be applied to
each
PC
on
the
network or only on the server?
--
Thanks for the help
Jack


"Merv Porter [SBS-MVP]" wrote:

Low tech way...

Lazy man's way to track user logon/logoff
http://msmvps.com/blogs/kwsupport/archive/2005/02/24/36942.aspx

--
Merv Porter [SBS MVP]
===================================
"hijack" <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:1E3EDD1A-58A3-42CE-822B-1B5A4625272B@xxxxxxxxxxxxxxxx
I need to monitor user login/logoff on SBS2003. How do I
explicitly
set
this
up and get a report ?
--
Thanks for the help
Jack




















.