Tracking active directory user logon/off for the just cause – Part 1

Doing some work remotely, typically using a VPN to access our customer(s) network, or some other type of remote access software (like TeamViewer) is unavoidable when we’re maintaining our customers infrastructures.

The recurring problem I encounter and that initially got me started on tracking user logons and logoffs is to determine a convenient moment where I can interrupt my customer’s business, typically to reboot a server or a shared resource.

That’s where it comes in very handy to know if someone is still working on her/his PC or has left a session open, before firing an unscheduled interruption. Rebooting a Windows SBS 2011 server can take it out for 15 minutes, or even more if it has to apply everlasting updates.

I’ll discuss two methods I use to track users sessions and see who’s logged on.

These two methods require that you have a hand in the administration of the Active Directory server that manages your domain, because we’re going to implement a group policy to help us do that.

For this first method, we’ll simply use two batch files. One that is run for each user at his/her logon time, and the other for the logoff.

You just need to use a location either on the server file system or a network shared directory where the scripts must have write access. I do use a shared directory on a NAS box and I set the “hidden” property of the shared directory to true (like ending the shared resource name with ‘$’ on windows).

Let’s say we use a NAS named “MYNAS” and the shared directory “loggedon”. Then:

At user logon, we execute:

And at logoff, we execute:

So, with that, you end up with a directory full of text files for each currently open user session.
You can peek into that directory to know who’s logged on.

How do you setup these scripts on your Windows server ? Here, on technet

Cool, but wouldn’t it be cooler if we had a mobile app where we can select a customer domain and see a list of all last logons and logoffs ?
Sure, wait for it, that’s coming – if ever 😉 – on part 2.