Re: login/logoff Report

If you haven't already, on the server, run gpupdate /force from a command
prompt again. You may even want to do this on the WinXP Pro workstations.

Also, give us the text of the logon.cmd you've created.

--
Merv Porter [SBS MVP]
===================================
"hijack" <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4DCA6AE3-37EB-48C4-9F3E-6C291F703631@xxxxxxxxxxxxxxxx
I have created a text file and sucessfully saved this in the shared folder.
I
was also able to edit this file in the shared folder. Access was also
through
RWW which also successfully edited the file. Still no users login / logout
was recorded in the logon file.
--
Thanks for being so patient
Jack


"Merv Porter [SBS-MVP]" wrote:

Log on to a workstation as a standard user and see if you can navigate to
the (logging) share folder on the server. Then try to create and save a
text file (using Notepad) within that share folder. This should tell us
if
a standard user has read/write access to the (logging) share folder.

--
Merv Porter [SBS MVP]
===================================
"hijack" <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DC5E9EF0-C955-4A1B-8E9B-AE321F3C519F@xxxxxxxxxxxxxxxx
I still have no joy. I have checked the file share and share permission,
located both the cmd files in the correct place now. Only the
administrators
logon/logoff are recorded (from the logoff option on the start button)
I
have
a feeling that the server is not authenticating correctly or my user
groups
are not set up correctly (User,Mobile,Power).
Why must the cmd file be dragged to the "show Files" and then added.
Will
it
not be suffient to to just add these files under the respective script.
The hotfix 842933 fixed the problem with the string error.

--
Thanks for the help
Jack


"Merv Porter [SBS-MVP]" wrote:

..... following entry in the [string] section is too long and has been
truncated...

Make sure you have hotfix 842933 applied to the SBS server

"The following entry in the [strings] section is too long and has been
truncated" error message when you try to modify or to view GPOs in
Windows
Server 2003, Windows XP Professional, or Windows 2000
http://support.microsoft.com/?id=842933

Then go back to my 3rd reply in this thread and look at the
attachment.
It's a screen shot of the Server Management Console and shows you
where
to
add the logon/logoff ".cmd" scripts.


-- Procedure to apply "Lazy Man's" Logon/Logoff Tracking to an SBS
2003
network --

SHARE FOLDER
Create a "logging folder" share on your SBS server (maybe call it
TLOLO -
Track LogOn LogOff)
Make sure the "logging folder" share has Share Permissions: Everyone

Make sure the "logging folder" share has Security Permissions:

Domain Users: read-write

Domain Admins: Full



SCRIPTS

Create the following .cmd files in a text editor
(Edit the .cmd files to reference your "logging folder" share
location)

------logon.cmd----
echo logon %username% %computername% %date% %time% >>
\\sbs\share\logon.log

-----logoff.cmd-----
echo logoff %username% %computername% %date% %time% >>
\\sbs\share\logon.log

EDIT DEFAULT DOMAIN GROUP POLICY
- Put the newly created logon.cmd and logoff.cmd on your SBS desktop
- Open Server Management
- Resize the Server Management window so you can see both it and the
.cmd
files on your desktop
- In Server Management, select: Advanced Management | Group Policy
Management | Forest: <your forest name> | Domains | <yourdomain>
- Now right click on: Default Domain Policy | Edit... | User
Configuration
| Windows Settings | Scripts

In the right pane, you'll see the Logon and Logoff policies. Again,
resize
all windows as necessary so you can see your ".cmd" files on the
desktop.

- Double click on the "Logon" script in the right pane to bring up
the
Logon Properities windows
- Then click on "Show Files..."
- Drag the Logon.cmd from your desktop into the new window that "Show
Files..." has just opened
- Now close this "Show Files..." window
- Back in the Logon Properites window, click on "Add" | Browse |
highlight
Logon.cmd | click Open | click OK | click Apply | click OK

- Double click on the "Logoff" script in the right pane to bring up
the
Logoff Properities windows
- Then click on "Show Files..."
- Drag the Logoff.cmd from your desktop into the new window that
"Show
Files..." has just opened
- Now close this "Show Files..." window
- Back in the Logoff Properites window, click on "Add" | Browse |
highlight
Logoff.cmd | click Open | click OK | click Apply | click OK
- Close all GPO windows.


APPLY THE NEW GROUP POLICY

- On the SBS server: Start | Run | type: gpupdate /force | OK



NOTE: While the gpupdate command should apply the new "logon/logoff
tracking" Group Policy, you may want to reboot all workstations.



Now when you users authenticate to the SBS server via any workstation
in
the
domain, a logon or logoff event will be captured in your "logging
folder".
This can be read with a text editor (Notepad) or can be copied into an
Excel
spread*** for better manipulation/viewing.



VIEWING LOGON.LOG WITH EXCEL



Column A... Logon/Logoff
Column B... Username
Column C... Workstation
Column D... Day
Column E... Date
Column F... Time


- Drag a copy of the Logon.log to the desktop

- Right click logon.log and select .Open with: Excel

- Select all of Column A

- From the top menu, select Data | Text to Columns | Next | delimiter:
Space | Next | Finish

- Select all of Column F

- From the top menu, select Format | Cells | Time | (format) 1:30 pm

- Select entire spread***

- Data | Sort | Columns C (ascending) | Column E (ascending) | Column
F
(ascending)

(Workstation, Date, Time)



--
Merv Porter [SBS MVP]
===================================

"hijack" <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:14B22E3D-553C-47BC-A5E1-8CAF2E21B2C9@xxxxxxxxxxxxxxxx
Still no joy. Did I locate the logon / logoff scripts in the correct
place?
On the server, in run, i used gpedit.msc and located the area as
specified.
This was done under the "local computer policy". However when I use
gpedit.msc a few warnings appear, titled "Administrative
Templates" -
The
following entry in the [string] section is too long and has been
truncated.
Allows you to view and change a a list of DCOM server application
id(appids)
which are exempted from the DCOM Activation security check. DCOM
uses
two
such lists, one configured via group Policy settings and the other
via
the
actions. - OK. The other messages are a little different to this.
--
Thanks for the help
Jack


"Merv Porter [SBS-MVP]" wrote:

See if this helps...

"Users" and "Domain Users" are not the same.

Permissions on a file server
http://technet2.microsoft.com/WindowsServer/en/Library/86987829-3f74-412f-abb8-c8b22b07257d1033.mspx?mfr=true

Managing Access to Resources
http://www.examcram2.com/articles/article.asp?p=102341&rl=1

Share/NTS Permissions
http://www.windowsecurity.com/articles/Share-Permissions.html


Make sure you're logged onto the SBS server as a domain admin.
Right click on the shared folder and select "Sharing and
Securty...".
Under the Sharing tab, click on the Permissions button
Under the Share Permissions tab, put a checkmark in the "Full
Control"
box
Click OK

Click on the Security tab.
Click Add.
In the field for "Enter the object names to select", type: domain
admins
Click OK
In the section marked "Permissions for Domain Admins", put a
checkmark
in
"Full Control" box under "Allow"
Click Add.
In the field for "Enter the object names to select", type: domain
users
Click OK
In the section marked "Permissions for Domain Users", put a
checkmark
in
the
"Read" and a checkmark in "Write" boxes under "Allow"
Click the Apply button
Click OK


--
Merv Porter [SBS MVP]
===================================
"hijack" <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FE07EAA3-4A57-405B-8386-7EAEE4138A59@xxxxxxxxxxxxxxxx
Thanks for being so patient. I am having difficulty in setting up
the
permissions. Most of these are grayed out and cannot be changed.
Are users and domain users the same group? Please point me to
more
reading
on permission setup (simple reading).
--
Thanks for the help
Jack


"Merv Porter [SBS-MVP]" wrote:

On the shared (log) folder, check the permissions again and make
sure
the
Share Permissions are Everyone: FULL and the Security
Permissions
are
Domain Users: read-write.

--
Merv Porter [SBS MVP]
===================================
"hijack" <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:13C86F3E-E26D-4BA3-B0C7-918316E14C17@xxxxxxxxxxxxxxxx
I did a bit of reading on UNC and tried various formats. My SBS
is
a
folder
that is shared with full access and so is the share folder.
( The
path
is
C:\SBS\Share\logon.log)
On my local PC \\computername\folder\logon.log does not
register
any
entries
in the log file. On my server I have tried
\\servername.domain.local\folder\logon.log . Only
administrator
login's
are
registered in the file if I go t start -> logoff ( this via
RWW).
The
client
logon entries were not registered at all.

--
Thanks for the help
Jack


"Merv Porter [SBS-MVP]" wrote:

Have you tried using the UNC path to the log?

\\<sbs>\share\logon.log

The script should log any authentication to the server or a
workstation,


.