Sorry for bad formatting, but I'm using wordpress for bloging now and this is just copy paste without any additional work. You can view this post here for better looks: http://www.pupils.lt/?p=447
So how are we going to track user logon information?
Answer is by implementing user logon logoff scripts in Group Policy.
Steps
1) Share a directory on network where logs will be saved.
Share a folder with full access permissions for everyone, as well as full NTFS permissions for users which you want to log. It is recommended that you make a hidden share \\server\share$\. In this scenario I will use 2 folders in shared location, one for computers \\server\share$\computers\ and another for users \\server\share$\users\.
2) Create a .bat file with necessary commands for logon and logoff events.
a) Create logon.bat with the contents below and put it in the \\server\share$\logon.bat
ver >>\\server\share$\computers\%computername%.txt
echo %username% logged on %date% - %time% >>\\server\share$\computers\%computername%.txt
ipconfig /all |findstr Address >>\\server\share$\computers\%computername%.txt\\server\share$\users\%username%.txt
echo %computername% logged on %date% - %time% >>\\server\share$\users\%username%.txt
ipconfig /all |findstr Address >>\\server\share$\users\%username%.txt
First command returns OS version and writes it to computer_name.txt on your share.
Second command writes username of logged on user with the date when the script was run and writes it to computer_name.txt on your share.
Third command returns IP and Mac addresses of network connections and also writes them to computer_name.txt on your share.
Next three commands do exactly the same as above, but writes all info into user_name.txt files \\server\share$\users
b) Create logoff.bat with the contents below and put it in the \\server\share$\logoff.bat
echo %username% logged off %date% - %time% >>\\server\share$\computers\%computername%.txtecho %computername% logged off %date% - %time% >>\\server\share$\users\%username%.txt
Of course you can modify .bat files to suit your needs.
3) Enable .bat files to run on user logon and logoff via Group Policy.
Now we need to make those .bat files run every time users logon and logoff.
Open Group Policy Management, Create and Link GPO to the OU where targeted users reside. Now right click that that GPO and choose Edit. Navigate to User Configuration\Windows Settings\Scripts Logon/Logoff double click on Logon and then Add, browse for logon.bat (\\server\share$\logon.bat) and click OK two times. Now open Logoff click Add and navigate for logoff.bat (\\server\share$\logoff.bat) and click OK two times.
All set. To test it firs update group policy on a target computer with gpupdate /force command. Then logoff and logon with a test user which resides within the OU where your GPO applies.
If your test users is A.Test and computer TESTXP you should get 2 files created:
\\server\share$\computers\TESTXP.txt with the following contents:
Microsoft Windows XP [Version 5.1.2600]
A.test logged on 2011.06.28 - 11:45:14,44
Physical Address. . . . . . . . . : 00-0C-0C-60-C2-FA
IP Address. . . . . . . . . . . . : 192.168.1.15
A.test logged off 2011.06.28 - 11:45:50,35
and \\server\share$\users\A.test.txt with the following contents:
Microsoft Windows XP [Version 5.1.2600]
TESTXP logged on 2011.06.28 - 11:45:15,82
Physical Address. . . . . . . . . : 00-0C-0C-60-C2-FA
IP Address. . . . . . . . . . . . : 192.168.1.15
TESTXP logged off 2011.06.28 - 11:45:50,37