Record Logon / Logoff Activities on Domain Servers and Workstations Using Group Policy

Record Logon / Logoff Activities on Domain Servers and Workstations Using Group Policy

Recording Logon / Logoff activities on Domain Servers and Workstations can be useful in multiple situations:

  • Identify active users in domains to decommission
  • Create statistics for user activities
  • Determine how many different people use each computer on average (say per month)
  • Determine computer usage by day of the week and by shift of the day

This could be easily achieved by using a Group Policy.  This Wiki shows how to have this done and how to store this information in two CSV files: logon.csv and logoff.csv.
All you need are:

  • A shared folder on a file server
  • A logon script
  • A logoff script
  • A new GPO that will apply the logon and logoff scripts

A shared folder (We will take \\Server\Share\ as the name of our share in this example) on a file server is needed to share the CSV files that will be updated when a user does a logon or a logoff. You need to grant Read / Write permission for your users on this share in order to allow updates on it (You can grant this permission to Authenticated Users group).

For the logon / logoff script, you can create two Batch files with the following commands:

  • Logon.bat

echo %computername%; %userdomain% ; %username%; %date% ; %time% >> \\Server\Share\logon.csv

  • Logoff.bat

echo %computername%; %userdomain% ; %username%; %date% ; %time% >> \\Server\Share\logoff.csv

These commands will allow updating logon.csv and logoff.csv CSV files under \\Server\Share\ share with the following information:

  • Computer Name (Example: WorkStation01)
  • User Domain (Example: CONTOSO)
  • User Name (Example: A.MALEK)
  • Date (Example: Sun 10/20/2013)
  • Time (21:28:41.58)

Once you have the shared folder and the logon / logoff scripts, you can proceed with the creation of a new GPO that will be linked to your Domain / OUs. You will need to configure the following settings by adding the Batch files to use:

  • User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)\Logon: logon.bat should be used as a logon script
  • User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)\Logoff: logoff.bat should be used as a logoff script

Once your GPO is properly applied, you will start having the CSV files updated in next logon / logoff of your users. Note the fields are semicolon delimited, in case any values (such as user names) includes commas. The files can be imported into an Excel spreadsheet for analysis by specifying the semicolon as the delimiter.

Sort by: Published Date | Most Recent | Most Useful
Comments
Page 1 of 1 (4 items)