Windows Terminal Server access log

Status
Not open for further replies.

casperdacat

Technical User
Jun 4, 2001
43
BE
Hi,

I would like to trace who accesses my terminal servers and when. I've enabled auditing for logon/logoff events but this only shows the connecting username. As we use a generic user for most people (a user which automatically launches an application when connecting), we can't determine who is logging on. Is there a way to log the computername of who is logging on?

Thanx,
Fre
 
You could use a kix script in the login script to interrogate the client computer and write a log.

Arguably the best cat skinner around!

Cheers
Scott
 
Great idea Scott,

I just tried @HOSTNAME in the kix script but that interrogates the terminal server hostname. Do you know what the syntax should be?

Full script I'm using:

$FileName = "\\servername\sharename\ts.txt"
$FileNumber = 8
;Set the mode to create the file if it doesn't exist and to open the file for write access
$Mode = 1 + 4
;Write contents to file
$RetVal = OPEN($FileNumber, "$FileName", $Mode)
IF $RetVal = 0
    ? "Writing contents to File"
    $null = WRITELINE($FileNumber, @USERID + " on " + @HOSTNAME + " at " + @TIME + " " + @DAY + " " + @MDAYNO + " " + @MONTH + " " + @YEAR + Chr(13) + Chr(10))
    $RetVal = CLOSE($FileNumber)
    IF $RetVal = 0
        ? "Contents Written and file closed"
    ELSE
        ? "ERROR Closing File"
        QUIT
    ENDIF
ELSE
    ? "ERROR Opening File"
    QUIT
ENDIF

Thanx,
Fre
 
I found this VB Script that works well on terminal servers. I just can't remember where I got it. You may need to straighten it out a little; cut and paste didn't do a job of keeping it formatted.



'****************************************************
'*** This script depends on 2 things to work. One is that
'*** there is a p:\userlog directory (p is the system
'*** Which can be changed by editing the AuditFile= line
'*** the other is that you MUST go in to the MMC on the
'*** Win2k Server, open GroupPolicy on the local computer,
'*** go to User Configuration -> Logon/logoff scripts and
'*** put the scripts in there: one for login and
'*** one for logoff (the only difference is the
'*** F.WriteLine. The login script writes Login: etc
'*** and the logoff writes logoff: etc). If the file
'*** doesn't exist it writes a new one. You could also
'*** pipe this info into a db if you would like as well.
'*** ENJOY!!!
'****************************************************

Set WSHNetwork = WScript.CreateObject("WScript.Network")

' Get the current user's information from the session environment
Set shell = WScript.CreateObject("WScript.Shell")
username = shell.ExpandEnvironmentStrings("%USERNAME%")
clientmachine = shell.ExpandEnvironmentStrings("%CLIENTNAME%")
sessionname = shell.ExpandEnvironmentStrings("%SESSIONNAME%")
server = shell.ExpandEnvironmentStrings("%COMPUTERNAME%")
AuditFile = "C:\userlog\" & username & ".log"

Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

' Carriage return followed by line feed
CRLF = Chr(13) & Chr(10)

Set fs = CreateObject("Scripting.FileSystemObject")

' Check for the audit file
If fs.FileExists(AuditFile) Then
    ' Audit file exists: append the login record
    Set f = fs.OpenTextFile(AuditFile, ForAppending, True)
    f.WriteLine "LogIn: " & username & "," & clientmachine & "," & sessionname & "," & server & "," & Date & " " & Time
    f.Close
Else
    ' Audit file does not exist: create it (closing the handle), then write the login record
    fs.CreateTextFile(AuditFile).Close
    Set f = fs.OpenTextFile(AuditFile, ForAppending, True)
    f.WriteLine "LogIn: " & username & "," & clientmachine & "," & sessionname & "," & server & "," & Date & " " & Time
    f.Close
End If
 
You could interrogate key HKCU/VolatileEnvironment/Clientname

Just had another thought...

If they run multiple apps then a login script won't do the trick.

You need to run the script before opening the app.
Looks like batching up the published apps.

Arguably the best cat skinner around!

Cheers
Scott
 
Thanks for your input guys!

I finally solved it by running a batch file as logon script containing:
echo %TIME% %DATE% %CLIENTNAME%>> \\servername\sharename\filename.txt

On NT4 WTS the date and time are not added, however, but that's okay.

Greetz,
Fre
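
Added example, not code from any poster in this thread: a Python parser for the "LogIn:" lines the VBScript posted earlier writes, pairing each login with its logoff and flagging records where %CLIENTNAME% was empty or left unexpanded. The "LogOff:" prefix, the sample data and the name parse_audit are assumptions.

```python
import re
from collections import defaultdict
# Constructed sample in the format the posted VBScript writes:
#   LogIn: username,clientmachine,sessionname,server,date time
# Assumption: the logoff script uses the prefix "LogOff:".
SAMPLE_LOG = """\
LogIn: kiosk,WS-ACCT-01,RDP-Tcp#3,TS01,6/4/2001 8:01:12 AM
LogIn: kiosk,WS-SALES-07,RDP-Tcp#5,TS01,6/4/2001 8:03:40 AM
LogOff: kiosk,WS-ACCT-01,RDP-Tcp#3,TS01,6/4/2001 12:15:02 PM
LogIn: kiosk,%CLIENTNAME%,Console,TS01,6/4/2001 1:30:00 PM
LogIn: kiosk,,RDP-Tcp#6,TS01,6/4/2001 1:45:09 PM
garbage line
"""

LINE_RE = re.compile(r"^(login|logoff):\s*(.*)$", re.IGNORECASE)

def parse_audit(text):
    """Return (sessions, suspect, rejected) for the audit log text."""
    open_by_key = defaultdict(list)  # (user, session, server) -> open logins
    sessions, suspect, rejected = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = LINE_RE.match(line)
        # maxsplit=4 keeps a locale-formatted timestamp containing commas whole
        parts = [p.strip() for p in m.group(2).split(",", 4)] if m else []
        if len(parts) != 5:
            if line:
                rejected.append((lineno, line))
            continue
        user, client, session, server, stamp = parts
        # Empty or still-unexpanded %CLIENTNAME%: the record names no workstation
        if not client or client.startswith("%"):
            suspect.append((lineno, line))
        key = (user.lower(), session.lower(), server.lower())
        if m.group(1).lower() == "login":
            rec = dict(user=user, client=client, session=session, server=server, login=stamp, logoff=None)
            sessions.append(rec)
            open_by_key[key].append(rec)
        elif open_by_key[key]:
            open_by_key[key].pop()["logoff"] = stamp  # close most recent login
        else:
            rejected.append((lineno, line))  # logoff without a matching login
    return sessions, suspect, rejected

if __name__ == "__main__":
    sessions, suspect, rejected = parse_audit(SAMPLE_LOG)
    for s in sessions:
        print(s["client"] or "<none>", s["session"], s["login"], "->", s["logoff"] or "still open")
    print("no client name:", [n for n, _ in suspect], "unparsed:", [n for n, _ in rejected])
```

The client name is reported by the connecting client and the log file is writable by the logged-on user, so these records are a convenience trail rather than tamper-proof evidence.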
 