Audit User Logon and Logoff

A quick and easy way to audit your users login times (and some other details) is by using this simple login script method.
Firstly, you need to build two .BAT file scripts and save them to some sort of Audit share on a server. (I suggest hiding the share with the $ so users can’t easily access the share).
You need to give all users write permissions to the directory as they will be running a script and updating a file.

logoffAuditScript.BAT

echo —- Logoff —- %username%, %computername%, %date%, %time% >>\SERVERNAMEaudit$logoffAudit.txt

logonAuditScript.BAT

echo —- Logon —- %username%, %computername%, %date%, %time% >>\SERVERNAMEaudit$logonAudit.txt

You need to add the logonAuditScript.BAT to the login scripts settings in Group Policy and obviously the logoffAuditScript.BAT to the logout scripts setting.

Basically all these batch files do is write a single line with the username, computer name, date and time to the .txt files specified in the script.
You can then open the text files with Excel and find out when your staff are logging in and out.

There are a lot more extensive audit login scripts available out there – however I found this a quick and easy option that satisfies my simple audit needs. The major draw back of this audit method is that it only runs when users login and logout… if users stay logged in for long periods of time nothing is logged. You can use Logon Hours within AD to force users to logout if necessary.

Matt Shadbolt