2

I'm looking for a way to display an input dialog upon login to a production server, asking the user to indicate the reason of the login. I was thinking maybe there's a way in Windows to do it that is similar to the Shutdown dialog that is displayed whenever a server is restarted.

I've looked in the Group Policy but couldn't find anything useful. I know this can be done by a script but I was looking to see if there's any integrated way in Windows before I start writing it.

Thanks

Hadas
  • 59
  • 5
  • 1
    There's nothing, by default, available in Group Policy to do this. How are your Powershell chops? Also, how are you planning to "store" the responses provided? – jscott Jul 26 '13 at 02:17
  • I can go with Powershell (although it's been a while...) and yes I plan to store the responses, preferably in the Event Viewer. – Hadas Jul 26 '13 at 02:21
  • 3
    Can I just type a period or a space character for my reason, just like I do for the real Windows dialogs that ask me why I'm rebooting the server? :) – Ryan Ries Jul 26 '13 at 02:32
  • You can, but then we'll have nice talk in the next team meeting :) – Hadas Jul 26 '13 at 02:37
  • 1
    Why not just audit logon events, make everyone use a named account, and parse the Security event log? – joeqwerty Jul 26 '13 at 02:57
  • I wonder if you can do something similar to the "computer shut down unexpectedly" prompt you get on login to a computer that did just that. Something that would call the same type of window/box with options that write to the system event log. – TheCleaner Jul 26 '13 at 02:58
  • 2
    joeqwerty, because I'm trying to get the users to document the reason of the login. we're already using named accounts. – Hadas Jul 26 '13 at 03:01

2 Answers2

3

I ended up writing the following VBScript and set it to run on Logon in the GPO 

' Display an input dialog asking the reason for a login and writes it to the event viewer with information of the user.

Const EVENT_TYPE = "Information" 'Available Values: Success, Error, Warning, Information
Const EVENT_SOURCE = "LoginAudit" 'Setting the event source requires that the script runs with administrative privileges

firstname = GetUserFirstname()
username = GetUsername()

loginReason = ""
Do While (loginReason = "")
    loginReason = InputBox("Hi " + firstname + ", please describe the reason of your login:", "Login Audit")
Loop

eventDescription = "User '" & username & "' logged in, providing the following reason: " & Chr(13) & Chr(13) & loginReason

Set WshShell = WScript.CreateObject("WScript.Shell")
strCommand = "eventcreate /T " & EVENT_TYPE & " /ID 100 /L Application /SO LoginAudit /D " & _
    Chr(34) & eventDescription & Chr(34)
WshShell.Run strcommand

Function GetUserFirstname()
    Set objSysInfo = CreateObject("ADSystemInfo")
    Set objCurrentUser = GetObject("LDAP://" & objSysInfo.UserName)
    GetUserFirstname = objCurrentUser.givenName
End Function

Function GetUsername()
    Set objNetwork = CreateObject("Wscript.Network")
    GetUsername = objNetwork.UserName
End Function
Hadas
  • 59
  • 5
1

I was looking to see if there's any integrated way in Windows before I start writing it.

No, there isn't. You're going to have to write it yourself I'm afraid. There might be a third party application that does what you want, but I'm afraid product/service recommendations are off topic here on Server Fault.

Bryan
  • 7,628
  • 15
  • 69
  • 94
  • Thanks I was hoping for something out of the box but I ended up writing a script eventually. – Hadas Jul 26 '13 at 15:32