It’s difficult to find where the log files are when it comes to domain users login/logout. This gives a headache, specially when IT security compliance audit comes, and no one knows where to pull it out. Though Windows serves have logging capabilities, most find it inconvenient. So, a better way to log workstation access by domain users is defined on this article.
Below are the steps on how to create your own log file, that will create an entry every time a user logs in or out from a domain workstation:
Create a shared folder that is accessible for “Everyone”, which means any domain user has the right to write on it. In this example, we will call the shared folder “logs”.
Create the script for log in activities.
@echo off
net use N: /delete
net use N: \\<ip_address_of_shared_folder>\<path\logs>
echo Login %date% %time% %username% %computername% >> N:\userlogin.txt
net use N: /delete
Create the script for log out activities.
@echo off
net use N: /delete
net use N: \\<ip_address_of_shared_folder>\<path\logs>
echo Logout %date% %time% %username% %computername% >> N:\userlogout.txt
net use N: /delete
Link the scripts created to the GPO. The exact path for adding the logon and logoff script is:
User > Policies > Windows Settings > Scripts.
Under scripts, there is Logon and Logoff . Under each category, browse for the script’s location to assign it to this event.
The scripts created will be ran at log-in and log-out event. Any new entry will just append to the userlogin.txt and userlogout.txt.
Project Puchufy 