Hi,
There are several methods for this requirement:
Method 1:
You can try to enable the policy "Audit logon events" and then we can audit the user logon/logoff events in the security log.
To enable the policy "Audit logon events", please perform the following steps:
1. Log on to the Domain Controller as a domain administrator.
2. Open default domain controller policy or create a new GPO at domain level.
3. Click Local Computer Policy, click Computer Configuration, and then click Windows Settings->Security Settings->Local Policies->Audit Policy->Double click Audit logon events and Audit Account Logon Events->Select Success and Failure.
Click OK.
You can find the following information from the Windows Server 2003 Security Guide:
Audit Account Logon Events
Determines whether to audit each instance of a user logging on to or logging off from another computer in which this computer is used to validate the account. If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when an account logon attempt succeeds. Failure audits generate an audit entry when an account logon attempt fails.
If success auditing for account logon events is enabled on a domain controller, an entry is logged for each user who is validated against that domain controller, even though the user is actually logging on to a workstation that is joined to the domain.
Audit Logon Events
Determines whether to audit each instance of a user logging on to, logging off from, or making a network connection to this computer. If you are logging successful account logon audit events on a domain controller, workstation logon attempts do not generate logon audits. Only interactive and network logon attempts to the domain controller itself generate logon events. In short, "account logon events" are generated where the account lives; "logon events" are generated where the logon attempt occurs.
If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when a logon attempt succeeds. Failure audits generate an audit entry when a logon attempt fails.
Windows Server 2003 Security Guide
http://www.microsoft.com/downloads/details.aspx?FamilyID=8a2643c1-0685-4d89-b655-521ea6c7b4db&displaylang=en
Method 2:
You can also add some lines to the logon and log off script to write something to the server share log file.
@echo off
rem Append a timestamp line, then the user/computer/domain line, to the shared log.
echo [%date% %time%] >>\\server\share\logon.log
echo %username% log on %computername% to domain: %userdomain% >>\\server\share\logon.log
NOTE: you may need to give write permission to everyone to get the log accessed by all users.
Method 3:
We can use a new tool called LimitLogin.
LimitLogin v1.0 is an application that adds the ability to limit concurrent interactive user logons in an Active Directory domain. It can also keep track of all logins information in Active Directory domains (without necessarily enforcing logons quotas).
LimitLogin capabilities include:
- Limiting the number of logins per user from any machine in the domain, including Terminal Server sessions.
- Displaying the logins information of any user in the domain according to a specific criterion (e.g. all the logged-on sessions to a specific client machine or Domain Controller, or all the machines a certain user is currently logged on to).
- Easy management and configuration by integrating to the Active Directory MMC snap-ins.
- Ability to delete and log off user session remotely straight from the Active Directory Users and Computers MMC snap-in.
- Generating Login information reports in CSV (Excel) and XML formats.
Please keep in mind that this tool is not supported (similar to resource kit tools).
More information regarding this tool is available in:
http://technet.microsoft.com/en-us/magazine/cc160794.aspx
Hope it helps.
Proposed as answer by Alan Zhu (Moderator), Tuesday, November 09, 2010 6:58 AM
Marked as answer by Alan Zhu (Moderator), Monday, November 15, 2010 1:55 AM
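Added example, not part of the original answer: Python that parses the share log written by the Method 2 script and reports accounts still logged on to more than one machine, the condition LimitLogin is described as limiting. Lines that do not fit the script's format are returned separately, because every user can write to the file. Assumptions: a hypothetical logoff script writes the same line with "log off", file order is event order, and the sample data (users, hosts, the CONTOSO domain, US-locale timestamps) is constructed.

```python
import re
from collections import defaultdict

# Line shapes from the Method 2 script; "damain" is accepted for logs written with that spelling.
STAMP = re.compile(r"^\[(?P<stamp>.+)\]$")
EVENT = re.compile(r"^(?P<user>.+?) log (?P<action>on|off) (?P<host>\S+) to d[ao]main: (?P<domain>\S+)$")

# Constructed sample (US-locale %date% %time%); the last line is free text.
SAMPLE = """\
[Tue 11/09/2010  6:58:01.12]
alice log on WS01 to domain: CONTOSO
[Tue 11/09/2010  7:02:44.90]
bob log on WS02 to domain: CONTOSO
[Tue 11/09/2010  7:15:10.03]
alice log on TS01 to domain: CONTOSO
[Tue 11/09/2010  7:30:00.00]
bob log off WS02 to domain: CONTOSO
alice logged off everywhere, trust me
"""

def parse_log(text):
    """Return (events, rejected); rejected is a list of (line_number, text)."""
    events, rejected, pending = [], [], None      # pending = (lineno, stamp)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()                        # echo leaves a trailing space
        if not line:
            continue
        stamp, event = STAMP.match(line), EVENT.match(line)
        if stamp:
            if pending:                           # earlier timestamp never got its event
                rejected.append((pending[0], "[%s]" % pending[1]))
            pending = (lineno, stamp.group("stamp"))
        elif event and pending:
            events.append({"stamp": pending[1], **event.groupdict()})
            pending = None
        else:                                     # free text, or event with no timestamp
            rejected.append((lineno, line))
            pending = None
    return events, rejected

def concurrent_logons(events):
    """Replay events in file order; return accounts still logged on to 2+ hosts."""
    active = defaultdict(set)
    for e in events:
        account = "%s\\%s" % (e["domain"].lower(), e["user"].lower())
        if e["action"] == "on":
            active[account].add(e["host"].upper())
        else:
            active[account].discard(e["host"].upper())
    return {a: sorted(h) for a, h in active.items() if len(h) > 1}
```

Two clients appending at the same moment can interleave their timestamp and event lines; those entries surface in the rejected list rather than as sessions.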