On 21 Mar 2008 at 7:32, Ziots, Edward wrote:
> Sure pass those scripts this way if you feel so kind to ZV.
So many folks asked, I figured I'd just post in-line. Here's my BOOTHIST.CMD,
works on Win2k and XP, I ass*u*me it'll work on Vista. Just modify it to write
to a shared location on the network (e.g. the user's %HOME%), then add it to
your login script.
------- Included Stuff Follows -------
@echo off
:: BootHist.CMD ... stores boot history on Win2000
if not exist c:\backups\nul md c:\backups
For /F "Tokens=2" %%I in ('Date /T') Do Set dd=%%I
For /F "Tokens=*" %%I in ('Time /T') Do Set tt=%%I
echo %dd% %tt%: %1 %2 %3 %4 %5 %6 %7 %8 %9 >> c:\backups\boothist.log
set tt=
set dd=
--------- Included Stuff Ends ---------
To display the login history, just use LISTER (from http://www.ghisler.com/) or
any other free text-file display tool.
NOTE: any batch-file method like this requires write-access to the log file.
This means someone trying to act in a surreptitious manner might be able to
prevent you from catching them. If you want to track logins in a way that
can't be edited, use a script that e-mails login events to you using something
like BLAT. This won't produce a GUI-friendly list or easily-readable textfile
automatically unless you also set up a FETCHMAIL system, but it'll be more
secure.
Or you could use GPOs to track logon events. A little googling turned up this
article which might be of interest:
------- Included Stuff Follows -------
User Logon Tracking Redux
A recent IT Pro Hero, Michael Dragone, discussed his batch-file solution
for tracking employee logons on the company network and logoffs by user
and computer (see "It's 10:00 p.m.: Do You Know Who's Logged On?" June
2007, InstantDoc ID 95922). Michael's solution consisted of a logon script
that records the time a user logs on or off a machine and the computer
being accessed, then writes this information to a log file on a server
share. But one of my colleagues, Barry, a tech in the Calgary Separate
School District in Calgary, Alberta, the same school district for which I
work, discovered a potential loophole when he tried using a similar
solution. In order for the information to be appended to the log file,
users would require write access to the log file-so a student could
possibly tamper with the log file. To avoid this problem, I developed a
solution for my employer, Bishop Grandin High School in the Calgary
Separate School District, which uses a Group Policy Object (GPO) to turn
on event-log auditing, then transfers those event logs to a central
network share that users can't access. ...
--------- Included Stuff Ends ---------
http://windowsitpro.com/article/articleid/96633/user-logon-tracking-redux.html
Unfortunately you need a windowsitpro.com account to read the full article, and
they've blocked bugmenot.com so you actually have to register and divulge
personal info to access the site :-(
HTH
--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+-----------------------------------+
~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
