If you have the need to log information that may be relevant relating to auditing access to a domain through various workstations. Perhaps, a logon script that logs the current user account, time, computer name, IP and MAC address would be relevant. This type of logging could be implemented through logon scripts which could keep track of the logged on user account, times a computer is being used.
Below is a basic script that utilities the wmic command to access the IP and MAC address of the machine that the Logon_History.bat file is ran on.
for /f “skip=1 delims={}, ” %%A in (‘wmic nicconfig get ipaddress’) do for /f “tokens=1” %%B in (“%%~A”) do set “IP=%%~B”
echo %IP%
@echo off
set tdate=%date: =%
set tdate=%tdate:/=%
set ttime=%time::=%
set ttime=%ttime:.=%
set ttime=%ttime: =%for /f “skip=1 delims={}, ” %%A in (‘wmic nicconfig get ipaddress’) do for /f “tokens=1” %%B in (“%%~A”) do set “IP=%%~B”
echo %IP%for /f “skip=1 delims={}, ” %%A in (‘wmic nicconfig get macaddress’) do for /f “tokens=1” %%B in (“%%~A”) do set “MAC=%%~B”
echo %MAC%echo %ComputerName%, %tdate%-%ttime%, %username%, %IP%, %MAC% >> “\\server\userfolder$\My Documents\Logon_History.txt”
@echo off
set tdate=%date: =%
set tdate=%tdate:/=%
set ttime=%time::=%
set ttime=%ttime:.=%
set ttime=%ttime: =%for /f “skip=1 delims={}, ” %%A in (‘wmic nicconfig get macaddress’) do for /f “tokens=1” %%B in (“%%~A”) do set “MAC=%%~B”
echo %MAC%echo %ComputerName%, %tdate%-%ttime%, %username%, %IP%, %MAC% >> “\\server\userfolder$\My Documents\Logon_History.txt”
This could with further revisions could be used to implement a MySQL based logon system where all the information collected is stored in a searchable database.