Simple User Logon Logoff Logging on a Windows Domain

I like simple scripts, and this one is so obvious – I wonder why I didn’t think of it:

First, create a folder on your server, and share it as logon$. Make sure that users are given read and write access in the share properties, and in the folder security settings.

Create the following logon scripts and add them to the logon / logoff scripts as appropriate. Both scripts are ONE LINE ONLY.


echo logon,%COMPUTERNAME%,%USERNAME%,%DATE%,%TIME% >> \\server1\logon$\Logon.csv


echo logoff,%COMPUTERNAME%,%USERNAME%,%DATE%,%TIME% >> \\server1\logon$\Logon.csv

Once done, you can load the file into a program such as Excel and easily manipulate the data to find what you are looking for.

Naturally, change the name server1 to your server name. It’s a simple way to log users accessing workstations so that you know who as logged on where.

I was considering doing the same with a database and VBscript – which would inevitably slow down the logon process. This should make things wonderfully simple.

I settled on keeping the log file the same for logons and logoffs, as it seems sensible to track these in the same file. If you seperate them and say, want to find out how long a user has been logged on for, then you have to start dealing with too many seperate files.

  • Normajm

    I created these two files and put them in c:/windows/sysvol/domain/scripts. Then on the DC which is SBS 2003 sp1 and added via browse to User Configuration-> Windows Settings-> Scripts (Logon/Logoff)-> Logon in the respective areas. Note, the second file I used “echo logoff” instead of “echo logon”. The log file is fully shared with domain admin and users with full permissions. Using a local workstation I can remote into the DC and get logon and logoff logs, but I don’t get any entries if I just logon and logoff the domain as a normal user from the location workstation. Any suggestions?

  • John

    Thanks for the heads up on the “echo logoff” command. I’ve corrected the post re update this.

    As for your problem with the log not updating, two things pop into my head:

    1) Are both the shared folder AND the folder permissions set to allow read/write access to users?

    2) Check that the logon script is being ran with the user account that you logon with.

    To do this, logon to a Windows XP machine that should be using the script. Then…

    • Load the resultant set of policy tool by clicking ‘Start’, ‘Run’, and type mmc.
    • Next click ‘File’, ‘Add/Remove Snap-in’.
    • Click ‘Add…’, select ‘Resultant Set of Policy’, and click ‘Add’, then click ‘OK’.
    • Right-click on the ‘Resultant Set of Policy’ snap-in, and click ‘Generate RSoP data’.
    • Keep clicking ‘Next’ until the data is generated.

    You’ll see a group-policy style layout showing you what settings have been applied. If the logon script has been applied successfully, then you should be able to see it in the User Configuration area of the console.

  • Heather

    Hi John, I am having the same problem as Normajm. The only thing I can think of is the folder that the file is to be written to defaults to read only in the properties (general tab), but in actual fact, anyone can write to that folder. I have given everyone full control in the securities tab and made everyone the owner of the folder as well.
    I have run the mmc check above & the script has definitely been applied.
    It writes for the server, but not for any other machine/login. Can you give me an idea what to try next please?

  • Heather

    I moved the files into the Group Policy’s logon logoff folders and it’s working.

  • John

    Glad that you got it working. It seems a little odd that it wasn’t working, even though you set the share permissions.

    Anyway, if someone else has trouble it might be worth just trying to run the script from the command line to see if there is any error (such as access denied). This would probably help to find what the problem is.

  • Mun


    could someone go in details on how it can be done especially when u add it the group policy etc..


  • John

    Hi Mun, I suppose that in itself is another post! Keep your eyes peeled and I’ll get something put together.

    There’s obviously a need for this kind of thing!

  • Romanus


    Here is a same kind of thread which has more info on user logon tracking

  • News Bird


    This code is great it works fine.
    I wanted to track the customer spending time on my machines. So I’ve applied this script in both logon/logoff events as well as Startup / Shutdown events.

    But I’ve another problem. When the system is hibernated this script won’t work for both logon and logoff. Because hibernation event is not availalbe in group policy. Is there any way I can track the time even when hibernated and wake up from hibernation?

    Thanks in Advance