Active Directory logon tracking

    Question

  • I have a batch file that runs when a user logs on that prints to a text file: 

    echo IN user: %username% computer: %computername% date: %date% time: %time% >> \\XXXX\deploy\Logs.txt

    I have the same script set as a logoff script that does the same thing just labeled OUT, since there isn't a way to run a program upon logout:

    echo OUT user: %username% computer: %computername% date: %date% time: %time% >> \\XXXX\deploy\Logs.txt

    The batch file prints fine, the logoff script prints as well but prints the entire cmd line:

    C:\Windows>echo OUT user: XXXX computer: XXXX date: Tue xx/xx/xxxx time: xx:xx:xx.xx  1>>\\XXXX\deploy\Logs.txt

    It still shows me who logged in when and where though.

    Is there any way I can get it to stop doing that? The first time the logoff script actually ran it printed correctly, but every time after that it started printing the entire cmd line.

    Wednesday, April 27, 2016 5:00 PM

All replies

  • I have a batch file that runs when a user logs on that prints to a text file: 

    echo IN user: %username% computer: %computername% date: %date% time: %time% >> \\XXXX\deploy\Logs.txt

    I have the same script set as a logoff script that does the same thing just labeled OUT, since there isn't a way to run a program upon logout:

    echo OUT user: %username% computer: %computername% date: %date% time: %time% >> \\XXXX\deploy\Logs.txt

    The batch file prints fine, the logoff script prints as well but prints the entire cmd line:

    C:\Windows>echo OUT user: XXXX computer: XXXX date: Tue xx/xx/xxxx time: xx:xx:xx.xx  1>>\\XXXX\deploy\Logs.txt

    It still shows me who logged in when and where though.

    Is there any way I can get it to stop doing that? The first time the logoff script actually ran it printed correctly, but every time after that it started printing the entire cmd line.

    • Moved by nzpcmad1 Wednesday, April 27, 2016 6:44 PM From ADFS
    • Merged by Jay Gu (Moderator) Thursday, April 28, 2016 12:59 AM duplicated
    Wednesday, April 27, 2016 12:59 PM
  • Hi,

    In my opinion, you could try to use @echo off to turn off the command echoing feature. The command echoing is on by default.

    For more information, you could refer to the article below.

    Echo

    https://technet.microsoft.com/en-us/library/cc772462.aspx

    If there are any problems related to scripts, you could post your problem on the script forum below.

    https://social.technet.microsoft.com/Forums/scriptcenter/en-us/home?forum=ITCG

    Best Regards,

    Jay



    Friday, April 29, 2016 3:17 AM
    Moderator
  • We utilize the same process in our environment and this is how we were able to accomplish our needs. We created a shared location on each remote server called "Audit$" and gave everyone full rights to it. Then, we created a User Configuration->Policies->Windows Settings->Scripts (Logon/Logoff) GPO for each remote office and the HQ office. We then created "Logon.bat" and a "Logoff.bat" file with the following commands. The text "Dist02,logon" are explicit values and not derived, change them to meet your environment. The text \\DIST02FileServ\Audit$\Domain.log is the location and file name on the server. We also have a scheduled task on the HQ server that gathers all of the "Log" files, combines them and then clears the original log files to blank for the next day. If you want full details contact me.

    Logon.Bat

    *******************************

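    @echo off
    rem Enable delayed expansion so variables set inside the loops can be read there.
    setlocal enabledelayedexpansion

    rem For each IPv4 line from ipconfig: take the text after the colon, split it into
    rem four octets, strip the leading space and append one record to the audit log.
    for /f "usebackq tokens=*" %%a in (`ipconfig ^| findstr /i "ipv4"`) do (
      for /f delims^=^:^ tokens^=2 %%b in ('echo %%a') do (
        for /f "tokens=1-4 delims=." %%c in ("%%b") do (
          set _o1=%%c
          set _o2=%%d
          set _o3=%%e
          set _o4=%%f
          set _3octet=!_o1:~1!.!_o2!.!_o3!.!_o4!
          echo DIST02;Logon;%Date% %TIME%;%COMPUTERNAME%;%USERNAME%;!_3octet! >> "\\DIST02FileServ\Audit$\Domain.log"
        )
      )
    )

    endlocal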

    ******************************


    Chris Premo

    Tuesday, August 08, 2017 9:20 PM
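
Added example, not part of the original posts or anyone's production script: because every user can write to the audit share, the job that collects the logs should validate each line before trusting it. This Python sketch checks lines against the `site;event;date time;computer;user;ip` layout written by the Logon.bat above, pairs logons with logoffs, and reports lines that do not fit, including an echoed command line like the one in the question. It assumes the unshown Logoff.bat writes `Logoff` in the event field; the function name `audit`, the sample hosts and the sample users are made up.

```python
import re
from collections import defaultdict

# Constructed sample in the reply's record layout: site;event;date time;computer;user;ip.
# Line 4 is an echoed command line (the symptom from the question); line 5 is a
# logoff with no logon before it. Host and user names are made up.
SAMPLE_LOG = r"""DIST02;Logon;Tue 08/08/2017  8:01:12.44;WS-014;jdoe;10.2.0.14
DIST02;Logon;Tue 08/08/2017  8:03:55.10;WS-020;asmith;10.2.0.20
DIST02;Logoff;Tue 08/08/2017 17:02:40.91;WS-014;jdoe;10.2.0.14
C:\Windows>echo DIST02;Logoff;Tue 08/08/2017 17:05:00.00;WS-020;asmith;10.2.0.20  1>>\\DIST02FileServ\Audit$\Domain.log
DIST02;Logoff;Tue 08/08/2017 17:30:00.00;WS-099;bwong;10.2.0.99
"""

# Strict whole-line match; the timestamp is kept as text because %DATE%/%TIME%
# formatting depends on the client's regional settings.
RECORD = re.compile(
    r"(?P<site>[\w-]+);(?P<event>Logon|Logoff);(?P<when>[^;]+);"
    r"(?P<computer>[\w-]+);(?P<user>[^;\s]+);(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def audit(text):
    """Pair Logon/Logoff records per (computer, user) and report what does not fit."""
    sessions, malformed, orphan_logoffs = [], [], []
    open_logons = defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()          # the batch echo leaves a trailing space
        if not line:
            continue
        m = RECORD.fullmatch(line)
        if m is None:               # anyone with write access can append anything
            malformed.append((lineno, raw))
            continue
        key = (m["computer"].upper(), m["user"].lower())
        if m["event"] == "Logon":
            open_logons[key].append(m["when"])
        elif open_logons[key]:
            sessions.append((key, open_logons[key].pop(), m["when"]))
        else:
            orphan_logoffs.append((lineno, raw))
    still_open = sorted(k for k, v in open_logons.items() if v)
    return {"sessions": sessions, "malformed": malformed,
            "orphan_logoffs": orphan_logoffs, "still_open": still_open}

if __name__ == "__main__":
    for name, items in audit(SAMPLE_LOG).items():
        print(name, items)
```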