Who.bat

0 Likes

I needed to create a log file to be able to track user accounts with the IP address and machine name they logged into and came up with this solution. This batch file does not require any other programs other than the utilities that come with Windows XP such as ipconfig, date, and time.



In the login script I first need to export the context name so I can use that in a batch file.



Added to Login Script



dos set login_context = login_context

#\\do\sys\public\who.bat


Who.bat is the name of the script I run.



Just change the logfile location to the path that you want to log to and make sure users have write access to the file. The Local File also creates a log on the hard drive. I chose vfat32.vxd because if a user saw the file, they would not know what it is.



Here is a sample of the file. You can open it in Excel directly for sorting and searching abilities.



lfreeman.DO.TSD , 10/27/2006 , 10:25 AM , 10.10.0.129 , TSD002977 , 00-0B-CD-9F-C4-FC


bbetts.DO.TSD , 10/27/2006 , 10:58 AM , 10.10.0.169 , TSD5304 , 00-13-21-EB-65-64


cmartin.do.tsd , 10/27/2006 , 11:04 AM , 10.75.0.100 , TSD002621 , 00-08-02-4B-0E-03


akeating.DO.TSD , 10/27/2006 , 11:10 AM , 10.10.0.153 , TSD-004243 , 00-0B-CD-94-AF-43


bbetts.DO.TSD , 10/27/2006 , 11:31 AM , 10.10.0.169 , TSD5304 , 00-13-21-EB-65-64


vkelly.DO.TSD , 10/27/2006 , 11:36 AM , 10.10.0.169 , TSD5304 , 00-13-21-EB-65-64


jedin.DO.TSD , 10/27/06 , 12:11 PM , 10.10.0.104 , TSD-4216 , 00-0B-CD-94-B5-78


vkelly.DO.TSD , 10/27/2006 , 12:18 PM , 10.10.0.169 , TSD5304 , 00-13-21-EB-65-64


sfrench.DO.TSD , 10/27/2006 , 12:22 PM , 10.10.0.130 , TSD003945 , 00-0B-CD-A2-62-EF


vkelly.DO.TSD , 10/27/2006 , 12:28 PM , 10.10.0.169 , TSD5304 , 00-13-21-EB-65-64



Who.bat

@echo off

REM SET LOG FILE LOCATION
SET LOGFILE=\\DO\VOL1\SUPPORT\LOGS\USER.CSV

FOR /F "TOKENS=2* DELIMS= " %%A IN ('date/t') DO SET MYDATE=%%A
FOR /F "TOKENS=1* DELIMS= " %%A IN ('time/t') DO SET MYTIME=%%A
FOR /F "TOKENS=2* DELIMS= " %%A IN ('time/t') DO SET MYMERIDIAN=%%A


ipconfig /all > c:\ipconfig.tmp
type c:\ipconfig.tmp | find "IP Address" > c:\ip.tmp
type c:\ipconfig.tmp | find "Host Name" > c:\host.tmp
type c:\ipconfig.tmp | find "Physical" > c:\mac.tmp

FOR /F "TOKENS=15* DELIMS= " %%A IN ('type c:\ip.tmp') DO SET MYIP=%%A
FOR /F "TOKENS=16* DELIMS= " %%A IN ('type c:\host.tmp') DO SET MYHOST=%%A
FOR /F "TOKENS=12* DELIMS= " %%A IN ('type c:\mac.tmp') DO SET MYMAC=%%A

REM Local File Log
echo %homedir%.%login_context% , %MYDATE% , %MYTIME% %MYMERIDIAN% , %MYIP% , %MYHOST% , %MYMAC% >> C:\VFAT32.VXD
attrib h c:\vfat32.vxd >nul

REM Network File Log
echo %homedir%.%login_context% , %MYDATE% , %MYTIME% %MYMERIDIAN% , %MYIP% , %MYHOST% , %MYMAC% >> %LOGFILE%



REM Clean Up
del c:\ipconfig.tmp
del c:\ip.tmp
del c:\host.tmp
del c:\mac.tmp
cls
exit > nul


This utility is very useful to me to find out who logged into what workstation and also the ability to tell which ip address a user logged into and compare to my proxy logs.


I hope this utility can be useful to someone

Labels:

Collateral
Comment List
Anonymous
Related Discussions
Recommended