
July 3rd, 2005, 04:00 PM
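ummm... once you set the correct policies to enable the logging of user access, you can use a script like this to check the logs for entries related to user access. As written it lists the most recent events from whichever log you name, so point it at the Security log (that is where audit events are written) and filter on the event codes you care about. Mind you, I have provided a general VBScript and it's up to you to modify it to your needs.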
Code:
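' Displays the most recent events from one Windows event log, read over WMI.
' Audit events for user access are written to the Security log, and only
' after the matching audit policy has been enabled.
' ---------------------------------------------------------------
' ------ SCRIPT CONFIGURATION ------
strLog = "<LogName>" ' e.g. 'Application' or 'Security' or 'System'
intNum = <intMax> ' e.g. 50 (Max number of events to display)
strServer = "<ServerName>" ' e.g. put your server name here (use "." for local server)
' ------ END CONFIGURATION ---------
' strLog is pasted straight into the WQL text below, so keep it a fixed
' configuration value; do not fill it from user-supplied input.

' These constants are taken from WbemFlagEnum
const wbemFlagReturnImmediately = 16
const wbemFlagForwardOnly = 32

' Reading the Security log through WMI needs the Security privilege to be
' held by the account AND enabled on the connection; without it the query
' typically comes back empty rather than failing. Request it only for that
' log so other logs can still be read by less privileged accounts.
if LCase(strLog) = "security" then
    strMoniker = "winmgmts:{impersonationLevel=impersonate,(Security)}!\\"
else
    strMoniker = "winmgmts:\\"
end if
set objWMI = GetObject(strMoniker & strServer & "\root\cimv2")

' First pass: find the log and read how many records it holds.
set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile " & _
    "Where Logfilename = '" & strLog & "'",, _
    wbemFlagReturnImmediately + wbemFlagForwardOnly)

' The set is requested forward-only, i.e. meant to be walked once, so the
' logs are counted during that single walk instead of through .Count.
intLogsFound = 0
intLogMax = 0
for each objLog in colLogs
    intLogsFound = intLogsFound + 1
    intLogMax = objLog.NumberofRecords
next

' Exactly one log must match; zero matches would otherwise leave the record
' count unset and produce a malformed query further down.
if intLogsFound <> 1 then
    WScript.Echo "Fatal error. Number of logs found: " & intLogsFound
    WScript.Quit
end if

' Lowest record number to show. When the log holds no more than intNum
' records everything is shown; otherwise only the last intNum.
' NOTE(review): this treats record numbers as running 1..NumberofRecords.
' On a log that has wrapped and overwritten old entries the numbering may
' start higher, in which case more than intNum events come back - confirm
' on the target system.
if intLogMax > intNum then
    intFirstRecord = intLogMax - intNum + 1
else
    intFirstRecord = 0
end if

' Second pass: fetch and print the selected events.
set colEvents = objWMI.ExecQuery("Select * from Win32_NTLogEvent " & _
    "Where Logfile = '" & strLog & "' and RecordNumber >= " & _
    intFirstRecord,,wbemFlagReturnImmediately + wbemFlagForwardOnly)
for each objEvent in colEvents
    Wscript.Echo "Date: " & objEvent.TimeWritten
    Wscript.Echo "Source: " & objEvent.SourceName
    Wscript.Echo "Category: " & objEvent.Category
    Wscript.Echo "Type: " & objEvent.Type
    Wscript.Echo "Event Code: " & objEvent.EventCode
    Wscript.Echo "User: " & objEvent.User
    Wscript.Echo "Computer: " & objEvent.ComputerName
    Wscript.Echo "Message: " & objEvent.Message
    WScript.Echo "------"
next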
Or you can write small custom scripts for specific tasks, like this one:
Code:
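' Prints the approximate last logon time for one user, taken from the
' lastLogonTimestamp attribute of the user's directory object.
' The attribute is only synchronised between domain controllers
' occasionally, so it can lag the real last logon by days. It is fine for
' spotting stale accounts but not for building an exact timeline; use the
' logon events in the Security log for that.
' ---------------------------------------------------------------
' ------ SCRIPT CONFIGURATION ------
strUserDN = "<UserDN>" ' e.g. cn=david,ou=soccer,dc=davidbeckham,dc=com
' ------ END CONFIGURATION ---------
set objUser = GetObject("LDAP://" & strUserDN)

' Get raises an error when the attribute has no value (for example an
' account that has never logged on), so trap that case and report it.
on error resume next
set objLogon = objUser.Get("lastLogonTimestamp")
intErr = Err.Number
on error goto 0
if intErr <> 0 then
    WScript.Echo "No lastLogonTimestamp value could be read for " & strUserDN
    WScript.Quit
end if

' The value is a 64-bit count of 100-nanosecond intervals since 1 Jan 1601,
' exposed as two 32-bit halves. LowPart is handed back as a signed number,
' so a negative LowPart means the true low half is LowPart + 2^32; carrying
' one into HighPart corrects that (otherwise the result is about 7 minutes
' early).
intHigh = objLogon.HighPart
intLow = objLogon.LowPart
if intLow < 0 then
    intHigh = intHigh + 1
end if
intLogonTime = intHigh * (2^32) + intLow

' 100-ns intervals -> minutes -> days, then offset from the 1601 epoch.
intLogonTime = intLogonTime / (60 * 10000000)
intLogonTime = intLogonTime / 1440

' The stored value is in UTC; no local time zone adjustment is applied here.
WScript.Echo "Approx last logon timestamp: " & intLogonTime + #1/1/1601#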
cheers 