Another Way to Find out Which Student was Using Which Workstation, When

Novell Cool Solutions: Trench
By Don Johnston

Digg This - Slashdot This Posted: 10 Feb 2005

A previous Cool Solution article about a method of managing patching posted last summer provided the kickstart for the following, possibly slightly cooler, solution on this subject that addresses the comments to the original article.

There are two log files written at login and logout. One log file is named with the user's login name and gets placed in G:\Config\Logs\User. The other is named to match the workstation name and is written to G:\Config\Logs\PC. This way if I know what workstation I am interested in, and I don't know who was using it, I can look in the workstation log. If I know who I am interested in and want to know which computer they were using at a certain time, I can look in the log file bearing their name. The logs append and grow but in 6 months with 700 computers and 2000 users they are taking less than 25 MB. They can be deleted at any time and will recreate when someone logs in. I plan to delete them before the start of each school year.

Our environment is NetWare servers, Windows XP and students are members of the USERS group on the workstation as set by DLU. IPs are assigned static to a specific workstation. Workstation names include their room number plus the last half of their IP address so we know where the computer is located and which one it is. Users each have their own individual Novell login account. WinXP policies are set to prevent users from browsing to the server location the log files are saved in.

Our workstation policy package has a policy scheduled to run at login that runs this batch file:

@echo off
rem The following line creates a rolling log file of usage of workstation
by user.
echo Log In %Date% %TIME% %NWUSERNAME% >>
\\server_name\VOL1\Config\Logs\PC\%COMPUTERNAME%.log 
 
rem The following line creates a rolling log file of usage by user
echo Log In %Date% %TIME% %COMPUTERNAME% >>
\\server_name\VOL1\Config\Logs\USER\%NWUSERNAME%.log 
exit

Our workstation policy package has another policy scheduled to run at logout that runs this batch file:

@echo off
rem The following line creates a rolling log file of usage of workstation
by user.
echo Log Out %Date% %TIME% %NWUSERNAME% >>
\\server_name\VOL1\Config\Logs\PC\%COMPUTERNAME%.log 
 
rem The following line creates a rolling log file of usage by user
echo Log Out %Date% %TIME% %COMPUTERNAME% >>
\\server_name\VOL1\Config\Logs\USER\%NWUSERNAME%.log 
exit

These batch files are located in G:\Config\Logs
Rights to this folder are rwcmf

The result that is written to a workstation's log file looks like this:

Log In Mon 09/20/2004  9:36:44.46 mickensj 
Log Out Mon 09/20/2004 10:02:33.75 mickensj

The result that is written to a user's log file looks like this:

Log In Thu 07/08/2004 12:52:15.90 A102_4_109  
Log Out Thu 07/08/2004 13:34:58.20 A102_4_109 

Hope this helps someone.

Reader Comments

• Thanks for the useful batches. It is useful to add language to your Acceptable Use Policy making students and staff responsible for actions taken with their account. In other words if they don't log out, or let their password leak then they can still be heald accountable for the actions taken with their account. We also set the passwords for our students and don't let them change them. All in all this is a very useful tip.
• actually, for the rights, you could take away Read and Filescan, so that user's couldn't go into it and change it to cover their tracks...
• Nice trick but this would only work if the students do not share their account passwords and are properly trained to lock out or log off the workstation when leaving their desk. In order to make this really work you wil need a surveilance video camera in the room. Then you can tell for sure that the username and actual user are matching...
• For some of the security reasons listed it wouldn't be difficult, most-likely, to write something to access a website (super-simple PHP script) that writes information sent to it to a DB. At the very worst something could be coded to make the HTTP GET directly to the server with the username, time, hostname and IP address. An interesting project to start on sometime soon. If using *nix you can configure syslog to forward to a central logging server and then just use the logger command to write to the log on bootup. No way to lose that data b/c of user cleverness unless they hack the logging server.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com