Thread: Scripts to capture logon/logoff works fine-does not work if run as a group policy logon/logoff script

Last post 03-05-2008 12:40 AM by qbernard. 5 replies.

Average Rating Rate It (5)Thank you for the rating!

RSS

Page 1 of 1 (6 items)

Sort Posts:

03-03-2008, 11:12 PM

BobJ
Joined on 03-04-2008, 3:26 AM
Posts 3

Scripts to capture logon/logoff works fine-does not work if run as a group policy logon/logoff script

Reply Contact

I created a process to capture specific logon/logoff information - including date, time, user name, ip address, mac address, computer name, and some other site specific information. This all runs as part of a batch file that collects the data and ultimately echos all captured data to a csv file.

I want to import this data at the time it is captured to a SQL database, so I modified my script to run logparser and read the csv file in order to import it directly to the SQL DB. All data is initially stored on the local machine of the user logging on. There do not appear to be any issues with creating the text files in that directory. If I manually run the batch file, everything works as planned - CSV is created, read and imported into SQL. Works Great!

But....if I set the batch files to run as the logon and logoff scripts in group policy (user), the CSV file is created, but the data is not imported into SQL. I tried to pipe the output of the SQL command to a text file for debugging and along with the statistics, it reports "task aborted". That's it. I couldn't find anything else anywhere.

This is the statement I'm trying to execute:

\\mydomain\NETLOGON\logparser.exe "select * INTO LogonLogoff from c:\logdata\DataToImport.txt" -i:CSV -o:SQL -server:MySQLServer\ThisInstance -database:LogonLogoffDB -driver:"SQL Server" -username:loguser -password:logpassword -createtable:OFF -headerrow:off

I'd certainly appreciate any suggestions anyone may have.

03-04-2008, 3:42 AM In reply to

djoh
Joined on 03-04-2008, 8:40 AM
Posts 1

Re: Scripts to capture logon/logoff works fine-does not work if run as a group policy logon/logoff script

Reply Contact

Hi,

Can you share your script that generates the CSV with us ?

Djoh

03-04-2008, 9:27 AM In reply to

BobJ
Joined on 03-04-2008, 3:26 AM
Posts 3

Re: Scripts to capture logon/logoff works fine-does not work if run as a group policy logon/logoff script

Reply Contact

The CSV output from the following batch file looks like this:

03/04/2008, 05:34:47:00, logon, UserName,ComputerName, 192.168.100.1, 00-4C-46-21-35-2C, Finance Division, Finance Department

03/04/2008, 05:36:37:00, logoff, UserName,ComputerName, 192.168.100.1, 00-4C-46-21-35-2C, Finance Division, Finance Department

I tried to add a lot of remarks to identify what I'm trying to do in this batch file. This isn't very elegent. I found some code (primarly the FOR statements) elsewhere and modified it or added to it for our environment. It relies heavily on capturing data from other sources (IPCONFIG /all, NET command), writing to a file and then searching that file for the data I want to capture.

The reference to DATETIME.EXE is a small executable I create using WINBATCH to capture and format date and time values - otherwise tryin to use the %time% variable doesn't result in a zero filled hour (before 12:00).

This is the WINBATCH code:

a=TimeYmdHms( )
logonyear=strsub(a,1,4)
logonmonth=strsub(a,6,2)
logonday=strsub(a,9,2)
logonDate=strcat(logonMonth,"/",LogonDay,"/",LogonYear)
FileLogonDate=strcat(LogonYear,logonMonth,LogonDay)
LogonTime=strcat(strsub(a,12,11),":00")

handle = FileOpen("c:\logdata\DateTime.txt", "WRITE")
FileWrite(handle,strcat("Data Logon Date$ ",LogonDate))
Filewrite(handle,strcat("Logon Time$ ",LogonTime))
Filewrite(handle,strcat("File Logon Date$ ",FileLogonDate))
FileClose(handle)

This is what the datetime.txt file looks like:

Data Logon Date$ 03/03/2008
Logon Time$ 20:59:19:00
File Logon Date$ 20080303

Here's the logon.bat file:

@Echo off

rem Created a small executable (DATETIME.EXE) using WINBATCH to capture/format current date/time and output to a text file. FOR statement searches for the values and sets them as variables.

\\mydomain\netlogon\datetime.exe

rem Use the TYPE command to list and find logon date from c:\logdata\datetime.txt
FOR /F "TOKENS=2* DELIMS=$" %%A IN ('type c:\logdata\datetime.txt ^| FIND "Data Logon Date"') DO FOR %%B IN (%%A) DO SET logondate=%%B

rem Use the TYPE command to list and find the logon time from c:\logdata\datetime.txt
FOR /F "TOKENS=2* DELIMS=$" %%A IN ('type c:\logdata\datetime.txt ^| FIND "Logon Time"') DO FOR %%B IN (%%A) DO SET logontime=%%B

rem Use the TYPE command to list and find the logon time from c:\logdata\datetime.txt used to create the centrally stored CSV file (accessdata_yyyymmdd.txt)
FOR /F "TOKENS=2* DELIMS=$" %%A IN ('type c:\logdata\datetime.txt ^| FIND "File Logon Date"') DO FOR %%B IN (%%A) DO SET filelogondate=%%B

Rem Use IPConfig /all command to list and find the last IP address from the list
FOR /F "TOKENS=2* DELIMS=:" %%A IN ('IPCONFIG /ALL ^| FIND "IP Address"') DO FOR %%B IN (%%A) DO SET IPADDR=%%B

Rem Use IPConfig /all command to list and find the MAC ADDRESS
FOR /F "TOKENS=2* DELIMS=:" %%A IN ('IPCONFIG /ALL ^| FIND "Physical Address"') DO FOR %%B IN (%%A) DO SET macaddress=%%B

Rem create the logdata dirtory if it doesnt exist
if not exist c:\logdata md c:\logdata

Rem execute this NET statement to get group membership information for the user
net user %username% /domain>c:\logdata\logondata.txt

REM These series of statements search the file created in the last step for a matching group name. Based on that information
rem the department and division information is set

:check1
find /i "Dept_Finance" c:\logdata\logondata.txt>nul
if errorlevel 1 goto check2
set department=Finance Department
set division=Finance Division
goto EndDept

:check2
find /i "Dept_Payroll" c:\logdata\logondata.txt>nul
if errorlevel 1 goto check3
set department=Payroll Departments
set division=Finance Division
goto EndDept

:check3
find /i "Dept_Purchasing" c:\logdata\logondata.txt>nule
if errorlevel 1 goto enddept
set department=Purchasing Department
set division=Finance Division

Rem Additional department determinates inserted here adjusting the goto statements as necessary

:enddept
rem delete local copy of last logon or logoff information - only the most current session information is used.
if exist c:\logdata\AccessInfo.txt del c:\logdata\AccessInfo.txt /q

rem create the local logon or logoff data for this specific logon/logoff
echo %logondate%, %logontime%, logon, %username%, %computername%, %IPADDR%, %MACADDRESS%, %division%, %department%>>C:\LogData\AccessInfo.txt

rem create a record in the centrally stored file of logons for the day - separate file for each day. Uses variables defined through the rest of the batch file
rem except for the constant "Logon" to identify logons. A separate batch file (logoff.bat) is exactly the same except it changes the constant from "LOGON" to "LOGOFF"
echo %logondate%, %logontime%, logon, %username%, %computername%, %IPADDR%, %MACADDRESS%, %division%, %department%>>\\StorageServer\commondata$\Accessinfo_%filelogondate%.csv

rem SQL statement to update the database using the locally stored file as input so the current logon or logoff is updated.
\\MyDomain\NETLOGON\logparser.exe "select * INTO LogonLogoff from c:\LOGDATA\AccessInfo.txt" -i:CSV -o:SQL -server:LogServer\instancename -database:LogonLogoffLog -driver:"SQL Server" -username:LogUser -password:LogPassword -createtable:OFF -headerrow:off > c:\logdata\sqlresultson.txt

03-04-2008, 10:57 PM In reply to

qbernard
Joined on 03-25-2003, 10:12 PM
Malaysia
Posts 2,203

Re: Scripts to capture logon/logoff works fine-does not work if run as a group policy logon/logoff script

Reply Contact

Interesting, if you pipe the output of each step....is there more information? was it stuck at LP or sql portion?

Cheers,
Bernard Cheah

03-04-2008, 11:29 PM In reply to

BobJ
Joined on 03-04-2008, 3:26 AM
Posts 3

Re: Scripts to capture logon/logoff works fine-does not work if run as a group policy logon/logoff script

Reply Contact

I haven't piped the output at each step yet. I've made the assumption that everything up to that point works properly because the contents of the file that the SQL step reads as input appears to be properly formatted.

Since I wasn't having luck with the SQL statement within the logon/logoff script, I've temporarily set up a scheduled task to read the centrally located file that all output is written to (in addition to the local file) and using the same SQL statement from the batch file and it works fine. It just doesn't seem to like being executed from within the login script.

It seems like it can't be a file permission issue with the file being read - that was created by the same process. Some other permission/rights problem?

If I get a chance tomorrow, I'll pipe everything, just to be sure.

Thanks.

03-05-2008, 12:40 AM In reply to

qbernard
Joined on 03-25-2003, 10:12 PM
Malaysia
Posts 2,203

Re: Scripts to capture logon/logoff works fine-does not work if run as a group policy logon/logoff script

Reply Contact

Agreed. could be permission related when the logon scripts being execute.. hence if you can capture the output of each steps, that might helps.

Cheers,
Bernard Cheah

Page 1 of 1 (6 items)