RE: [ActiveDir] Tracking the machine from which user logs in
Don't worry about being a newbie, we all are in regards to something.

joe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rimmerman, Russ
Sent: Tuesday, June 22, 2004 9:22 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

Oops, sorry for bein such a noobie :) Thanks Joe
RE: [ActiveDir] Tracking the machine from which user logs in
Oops, sorry for bein such a noobie :) Thanks Joe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of joe
Sent: Tuesday, June 22, 2004 7:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

Watch for line breaks, things most likely ran together in the email and didn't get separated back out properly.

In the first couple of lines it looks like the following ran together

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set IPConfigSet = objWMIService.ExecQuery ("Select MACAddress, IPAddress, ServiceName, Description, IPSubnet, DHCPEnabled, DHCPServer, DefaultIPGateway, WINSPrimaryServer, WINSSecondaryServer from Win32_NetworkAdapterConfiguration where IPEnabled=TRUE")

Should be

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set IPConfigSet = objWMIService.ExecQuery ("Select MACAddress, IPAddress, ServiceName, Description, IPSubnet, DHCPEnabled, DHCPServer, DefaultIPGateway, WINSPrimaryServer, WINSSecondaryServer from Win32_NetworkAdapterConfiguration where IPEnabled=TRUE")

And those are each both just supposed to be a single line.

That is just one of my issues with vbscript is how it assumes eol for \n. I.E. It doesn't take a forced line break / terminator like perl or c/c++ or javascript does with a ;.
RE: [ActiveDir] Tracking the machine from which user logs in
Watch for line breaks, things most likely ran together in the email and didn't get separated back out properly.

In the first couple of lines it looks like the following ran together

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set IPConfigSet = objWMIService.ExecQuery ("Select MACAddress, IPAddress, ServiceName, Description, IPSubnet, DHCPEnabled, DHCPServer, DefaultIPGateway, WINSPrimaryServer, WINSSecondaryServer from Win32_NetworkAdapterConfiguration where IPEnabled=TRUE")

Should be

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set IPConfigSet = objWMIService.ExecQuery ("Select MACAddress, IPAddress, ServiceName, Description, IPSubnet, DHCPEnabled, DHCPServer, DefaultIPGateway, WINSPrimaryServer, WINSSecondaryServer from Win32_NetworkAdapterConfiguration where IPEnabled=TRUE")

And those are each both just supposed to be a single line.

That is just one of my issues with vbscript is how it assumes eol for \n. I.E. It doesn't take a forced line break / terminator like perl or c/c++ or javascript does with a ;.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rimmerman, Russ
Sent: Tuesday, June 22, 2004 8:18 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

(4, 76) Microsoft VBScript compilation error: Expected end of statement
RE: [ActiveDir] Tracking the machine from which user logs in
Um sorry about that, not sure what happened. Maybe it's easier if I include the code as an attachment :-)

-Lee

-----Original Message-----
From: Rimmerman, Russ [mailto:[EMAIL PROTECTED]]
Sent: 22 June 2004 13:18
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

(4, 76) Microsoft VBScript compilation error: Expected end of statement

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Tracking the machine from which user logs in
(4, 76) Microsoft VBScript compilation error: Expected end of statement

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Grocott Lee BC GB
Sent: Tuesday, June 22, 2004 4:38 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

I would say it's easy to get the IP information at logon using vbs and wmi:

Start of VBScript:
------
On Error Resume Next

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set IPConfigSet = objWMIService.ExecQuery ("Select MACAddress, IPAddress, ServiceName, Description, IPSubnet, DHCPEnabled, DHCPServer, DefaultIPGateway, WINSPrimaryServer, WINSSecondaryServer from Win32_NetworkAdapterConfiguration where IPEnabled=TRUE")

' Report every IP-enabled adapter on this machine
For Each IPConfig In IPConfigSet
    GetNetworkCardProperties IPConfig
Next

Function GetNetworkCardProperties(IPConfig)
    If Not IsNull(IPConfig.IPAddress) Then
        ' IPAddress and IPSubnet are parallel arrays, one entry per bound address
        For i = LBound(IPConfig.IPAddress) To UBound(IPConfig.IPAddress)
            ' IPAddress is never assigned in this script, so this test is always true
            If IPAddress <> IPConfig.IPAddress(i) Then
                Wscript.Echo "IPAddress", IPConfig.IPAddress(i)
                ' MACAddress is a single string, not an array
                Wscript.Echo "MACAddress", IPConfig.MACAddress
                Wscript.Echo "SubNetmask", IPConfig.IPSubnet(i)
                Wscript.Echo "ServiceName", IPConfig.ServiceName
                Wscript.Echo "Description", IPConfig.Description
                ' DHCPEnabled is a Boolean (True = -1, False = 0)
                If IPConfig.DHCPEnabled Then
                    IPDHCPEnabled = "TRUE"
                Else
                    IPDHCPEnabled = "FALSE"
                End If
                Wscript.Echo "DHCPEnabled", IPDHCPEnabled
                Wscript.Echo "DHCPServer", IPConfig.DHCPServer
                ' DefaultIPGateway is its own array and may be Null
                If Not IsNull(IPConfig.DefaultIPGateway) Then
                    Wscript.Echo "DefaultGateway", Join(IPConfig.DefaultIPGateway, ",")
                End If
                Wscript.Echo "WINSPrimary", IPConfig.WINSPrimaryServer
                Wscript.Echo "WINSSecondary", IPConfig.WINSSecondaryServer
            End If
        Next
    End If
End Function
------
End of VB Script :-)

Does that help? Let me know if something's not clear.

Cheers,
Lee
RE: [ActiveDir] Tracking the machine from which user logs in
> ... Well log offs are a slippery concept

Presumably that's why the lastLogoff attribute values are not populated in AD?

-- Original Message --
Reply-To: [EMAIL PROTECTED]
Date: Mon, 21 Jun 2004 17:31:12 -0400

Well it depends on how good you want your data to be.

However the only real foolproof way of doing this is to write a service that runs on each PC and watches what is going on. You have several different types of logons, network, interactive, service, etc. Someone could log onto an ID on a machine but never hit a logon script (cached cred logon or runas, etc).

As for log offs... Well log offs are a slippery concept, if someone hibernates, did they log off? What if they just shut the PC off?

joe

Sent via the WebMail system at mail.activedir.org
RE: [ActiveDir] Tracking the machine from which user logs in
I would say it's easy to get the IP information at logon using vbs and wmi:

Start of VBScript:
------
On Error Resume Next

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set IPConfigSet = objWMIService.ExecQuery ("Select MACAddress, IPAddress, ServiceName, Description, IPSubnet, DHCPEnabled, DHCPServer, DefaultIPGateway, WINSPrimaryServer, WINSSecondaryServer from Win32_NetworkAdapterConfiguration where IPEnabled=TRUE")

' Report every IP-enabled adapter on this machine
For Each IPConfig In IPConfigSet
    GetNetworkCardProperties IPConfig
Next

Function GetNetworkCardProperties(IPConfig)
    If Not IsNull(IPConfig.IPAddress) Then
        ' IPAddress and IPSubnet are parallel arrays, one entry per bound address
        For i = LBound(IPConfig.IPAddress) To UBound(IPConfig.IPAddress)
            ' IPAddress is never assigned in this script, so this test is always true
            If IPAddress <> IPConfig.IPAddress(i) Then
                Wscript.Echo "IPAddress", IPConfig.IPAddress(i)
                ' MACAddress is a single string, not an array
                Wscript.Echo "MACAddress", IPConfig.MACAddress
                Wscript.Echo "SubNetmask", IPConfig.IPSubnet(i)
                Wscript.Echo "ServiceName", IPConfig.ServiceName
                Wscript.Echo "Description", IPConfig.Description
                ' DHCPEnabled is a Boolean (True = -1, False = 0)
                If IPConfig.DHCPEnabled Then
                    IPDHCPEnabled = "TRUE"
                Else
                    IPDHCPEnabled = "FALSE"
                End If
                Wscript.Echo "DHCPEnabled", IPDHCPEnabled
                Wscript.Echo "DHCPServer", IPConfig.DHCPServer
                ' DefaultIPGateway is its own array and may be Null
                If Not IsNull(IPConfig.DefaultIPGateway) Then
                    Wscript.Echo "DefaultGateway", Join(IPConfig.DefaultIPGateway, ",")
                End If
                Wscript.Echo "WINSPrimary", IPConfig.WINSPrimaryServer
                Wscript.Echo "WINSSecondary", IPConfig.WINSSecondaryServer
            End If
        Next
    End If
End Function
------
End of VB Script :-)

Does that help? Let me know if something's not clear.

Cheers,
Lee

-----Original Message-----
From: joe [mailto:[EMAIL PROTECTED]]
Sent: 21 June 2004 22:31
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

Well it depends on how good you want your data to be.

However the only real foolproof way of doing this is to write a service that runs on each PC and watches what is going on. You have several different types of logons, network, interactive, service, etc. Someone could log onto an ID on a machine but never hit a logon script (cached cred logon or runas, etc).

As for log offs... Well log offs are a slippery concept, if someone hibernates, did they log off? What if they just shut the PC off?

joe
RE: [ActiveDir] Tracking the machine from which user logs in
Well it depends on how good you want your data to be.

However the only real foolproof way of doing this is to write a service that runs on each PC and watches what is going on. You have several different types of logons, network, interactive, service, etc. Someone could log onto an ID on a machine but never hit a logon script (cached cred logon or runas, etc).

As for log offs... Well log offs are a slippery concept, if someone hibernates, did they log off? What if they just shut the PC off?

joe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mukul Joshi
Sent: Sunday, June 06, 2004 2:55 AM
To: ADList
Subject: [ActiveDir] Tracking the machine from which user logs in

Hi,

I am writing an application that would track the login logoff activities of users. I can get lastlogin and lastlogoff information from AD, but I also need to know the machine/IP on which that particular login/logoff happened. How do I get this information?

Thanks
~ Mukul
RE: [ActiveDir] Tracking the machine from which user logs in
I don't think CConnect was ever fully (and successfully) implemented. I believe it was a theory that died midway. The reason I say this is because I have yet to meet anyone who uses it in production, and I personally spent a lot of time trying to make it work some 4 years ago.

For what Mukul is looking for, I handle this thru login script and append an "echo %COMPUTERNAME%" to a %logonserver%\sysvol\%username%.log file available on all the DCs. There is a scheduled job that deletes any \%username%.log older than 30 days.

Sincerely,
Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: Steve Patrick
Sent: Sun 6/6/2004 9:01 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Tracking the machine from which user logs in

There is also an app called CConnect - or concurrent connections. This requires a SQL backend (or msde I suppose) but the next version will use NDNC's if I recall. See http://support.microsoft.com/?kbid=237282

-steve

----- Original Message -----
From: "Eric Fleischman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 06, 2004 8:47 AM
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

Oh sorry, you want to know *what* machine the user logged on from, not just the fact that they logged on. Yea, you need auditing for that like Marcus said. But the thing I cited is probably the best way to find out when they logged on last, with some time lag of course. Else you need to comb all of the DCs.

~Eric

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Eric Fleischman
Sent: Sunday, June 06, 2004 9:00 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

Actually that's not entirely true. If you're running 2k03, we have a new attribute we maintain for this very purpose. This was a FAQ in 2k days.

lastLogonTimestamp is the attribute you're looking for. Here's a page or two on it:

http://msdn.microsoft.com/library/en-us/adschema/adschema/a_lastlogontimestamp.asp
http://msdn.microsoft.com/library/en-us/adschema/adschema/a_msds_logontimesyncinterval.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;828266

If you change msDS-LogonTimeSyncInterval, be careful or you'll be pushing a ton of changes around the domain. We intentionally don't replicate this thing every time a user logs on with default settings.

~Eric

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, June 06, 2004 2:04 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

Mukul,

The only way you're going to get that information is from the event log. Of course, there's some filtering you'll want to do as well. Here's a good article on the process:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logonoff.mspx

-m

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mukul Joshi
Sent: Sunday, June 06, 2004 2:55 AM
To: ADList
Subject: [ActiveDir] Tracking the machine from which user logs in

Hi,

I am writing an application that would track the login logoff activities of users. I can get lastlogin and lastlogoff information from AD, but I also need to know the machine/IP on which that particular login/logoff happened. How do I get this information?

Thanks
~ Mukul
RE: [ActiveDir] Tracking the machine from which user logs in
Once upon a time I wrote a very short program that prints your current IP address to stdout. It's handy in a login script -- for example, you can do something like this (the exact syntax escapes me at the moment):

    myip.exe >> \\some-big-server\whereami\%USERNAME%.txt

right in the login script. If you later need to know what machines a user is signing in from, just read their file in that share.

E-mail me at [EMAIL PROTECTED] if you want a copy.

Cheers,
-- Idan

On Sun, 6 Jun 2004, AD wrote:

> We are doing it using logon scripts. Using vbscript and WMI you can get
> anything you want. The captured data is then stored on a share and then
> processed by another application. We did it this way not to increase
> login times.
>
> Y
RE: [ActiveDir] Tracking the machine from which user logs in
We are doing it using logon scripts. Using vbscript and WMI you can get anything you want. The captured data is then stored on a share and then processed by another application. We did it this way not to increase login times.

Y

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mukul Joshi
Sent: Sunday, June 06, 2004 2:55 AM
To: ADList
Subject: [ActiveDir] Tracking the machine from which user logs in

Hi,

I am writing an application that would track the login logoff activities of users. I can get lastlogin and lastlogoff information from AD, but I also need to know the machine/IP on which that particular login/logoff happened. How do I get this information?

Thanks
~ Mukul
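Added illustration, not code from any poster in this thread: a sketch of the "another application" side of the logon-script approach described in the two messages above. It reads per-user files from the collection share and reports which machine/IP pairs each user was seen on. The tab-separated line format (timestamp, computer name, IP), the file name and the sample data are assumptions constructed for this example; malformed lines are set aside rather than trusted, because the share has to be writable by the users being logged.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample: contents of per-user files on the collection share.
# Assumed line format (not from the thread): ISO timestamp, computer, IP, tab-separated.
SAMPLE_FILES = {
    "jdoe.txt": (
        "2004-06-07T08:01:12\tWS-0142\t10.1.4.20\n"
        "2004-06-07T17:45:03\tWS-0142\t10.1.4.20\n"
        "2004-06-08T08:03:40\tLAB-07\t10.1.9.33\n"
        "not a record\n"
        "2004-06-09T09:00:00\tWS-0142\t999.1.1.1\n"
    ),
}

def parse_line(line):
    """Return (timestamp, computer, ip) or None if the line is malformed."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != 3:
        return None
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        ip = ipaddress.ip_address(parts[2])  # rejects values such as 999.1.1.1
    except ValueError:
        return None
    computer = parts[1].strip().upper()
    return (when, computer, str(ip)) if computer else None

def summarize(files):
    """Return ({user: {(computer, ip): [first_seen, last_seen, count]}}, rejected)."""
    seen = defaultdict(dict)
    rejected = []  # (file name, line number, raw line) for manual review
    for name, text in files.items():
        user = name.rsplit(".", 1)[0].lower()  # file is named %USERNAME%.txt
        for lineno, line in enumerate(text.splitlines(), 1):
            rec = parse_line(line)
            if rec is None:
                rejected.append((name, lineno, line))
                continue
            when, computer, ip = rec
            entry = seen[user].setdefault((computer, ip), [when, when, 0])
            entry[0] = min(entry[0], when)
            entry[1] = max(entry[1], when)
            entry[2] += 1
    return dict(seen), rejected

if __name__ == "__main__":
    machines, bad = summarize(SAMPLE_FILES)
    for user, pairs in machines.items():
        for (computer, ip), (first, last, count) in sorted(pairs.items()):
            print(user, computer, ip, first.isoformat(), last.isoformat(), count)
    print("rejected:", bad)
```

Records collected this way are written with the user's own rights, so they are a convenience record rather than an audit trail; the security event log discussed elsewhere in the thread is the source to rely on when the answer matters.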
Re: [ActiveDir] Tracking the machine from which user logs in
There is also an app called CConnect - or concurrent connections. This requires a SQL backend (or msde I suppose) but the next version will use NDNC's if I recall. See http://support.microsoft.com/?kbid=237282

-steve

- Original Message -
From: "Eric Fleischman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 06, 2004 8:47 AM
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

Oh sorry, you want to know *what* machine the user logged on from, not just the fact that they logged on. Yea, you need auditing for that like Marcus said. But the thing I cited is probably the best way to find out when they logged on last, with some time lag of course. Else you need to comb all of the DCs.

~Eric

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Sunday, June 06, 2004 9:00 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

Actually that's not entirely true. If you're running 2k03, we have a new attribute we maintain for this very purpose. This was a FAQ in 2k days. lastLogonTimestamp is the attribute you're looking for. Here's a page or two on it:

http://msdn.microsoft.com/library/en-us/adschema/adschema/a_lastlogontimestamp.asp
http://msdn.microsoft.com/library/en-us/adschema/adschema/a_msds_logontimesyncinterval.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;828266

If you change msDS-LogonTimeSyncInterval, be careful or you'll be pushing a ton of changes around the domain. We intentionally don't replicate this thing every time a user logs on with default settings.

~Eric

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, June 06, 2004 2:04 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

Mukul,

The only way you're going to get that information is from the event log. Of course, there's some filtering you'll want to do as well.

Here's a good article on the process:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logonoff.mspx

-m

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mukul Joshi
Sent: Sunday, June 06, 2004 2:55 AM
To: ADList
Subject: [ActiveDir] Tracking the machine from which user logs in

Hi,

I am writing an application that would track the login logoff activities of users. I can get lastlogin and lastlogoff information from AD, but I also need to know the machine/IP on which that particular login/logoff happened. How do I get this information?

Thanks
~ Mukul
RE: [ActiveDir] Tracking the machine from which user logs in
Oh sorry, you want to know *what* machine the user logged on from, not just the fact that they logged on. Yea, you need auditing for that like Marcus said. But the thing I cited is probably the best way to find out when they logged on last, with some time lag of course. Else you need to comb all of the DCs.

~Eric

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Sunday, June 06, 2004 9:00 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

Actually that's not entirely true. If you're running 2k03, we have a new attribute we maintain for this very purpose. This was a FAQ in 2k days. lastLogonTimestamp is the attribute you're looking for. Here's a page or two on it:

http://msdn.microsoft.com/library/en-us/adschema/adschema/a_lastlogontimestamp.asp
http://msdn.microsoft.com/library/en-us/adschema/adschema/a_msds_logontimesyncinterval.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;828266

If you change msDS-LogonTimeSyncInterval, be careful or you'll be pushing a ton of changes around the domain. We intentionally don't replicate this thing every time a user logs on with default settings.

~Eric

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, June 06, 2004 2:04 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

Mukul,

The only way you're going to get that information is from the event log. Of course, there's some filtering you'll want to do as well.

Here's a good article on the process:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logonoff.mspx

-m

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mukul Joshi
Sent: Sunday, June 06, 2004 2:55 AM
To: ADList
Subject: [ActiveDir] Tracking the machine from which user logs in

Hi,

I am writing an application that would track the login logoff activities of users. I can get lastlogin and lastlogoff information from AD, but I also need to know the machine/IP on which that particular login/logoff happened. How do I get this information?

Thanks
~ Mukul
RE: [ActiveDir] Tracking the machine from which user logs in
Actually that's not entirely true. If you're running 2k03, we have a new attribute we maintain for this very purpose. This was a FAQ in 2k days. lastLogonTimestamp is the attribute you're looking for. Here's a page or two on it:

http://msdn.microsoft.com/library/en-us/adschema/adschema/a_lastlogontimestamp.asp
http://msdn.microsoft.com/library/en-us/adschema/adschema/a_msds_logontimesyncinterval.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;828266

If you change msDS-LogonTimeSyncInterval, be careful or you'll be pushing a ton of changes around the domain. We intentionally don't replicate this thing every time a user logs on with default settings.

~Eric

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, June 06, 2004 2:04 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tracking the machine from which user logs in

Mukul,

The only way you're going to get that information is from the event log. Of course, there's some filtering you'll want to do as well.

Here's a good article on the process:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logonoff.mspx

-m

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mukul Joshi
Sent: Sunday, June 06, 2004 2:55 AM
To: ADList
Subject: [ActiveDir] Tracking the machine from which user logs in

Hi,

I am writing an application that would track the login logoff activities of users. I can get lastlogin and lastlogoff information from AD, but I also need to know the machine/IP on which that particular login/logoff happened. How do I get this information?

Thanks
~ Mukul
RE: [ActiveDir] Tracking the machine from which user logs in
Mukul,

The only way you're going to get that information is from the event log. Of course, there's some filtering you'll want to do as well.

Here's a good article on the process:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logonoff.mspx

-m

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mukul Joshi
Sent: Sunday, June 06, 2004 2:55 AM
To: ADList
Subject: [ActiveDir] Tracking the machine from which user logs in

Hi,

I am writing an application that would track the login logoff activities of users. I can get lastlogin and lastlogoff information from AD, but I also need to know the machine/IP on which that particular login/logoff happened. How do I get this information?

Thanks
~ Mukul