Hello,
I am trying to log the IPs of the users logging in to my AD. I don't know if the AD saves IPs of the logged in users or not, but I was asking if I can use it to produce something like that:
USERNAME LOG_DT_START LOG_DT_END IP
Administrator 2008-08-08 12:00 2008-08-08 20:00 10.0.0.30
Anyone got any idea?
Thanks,
Remon
-
I'm not sure if the IP is logged but the name of the workstation certainly is. Why would you want to record IP addresses when you can get much more detailed information from AD? Check out the event log to get all this information.
Also, creating a list of login and logoff times is going to be more difficult than you think. AD doesn't work that way; instead, when you log in, the workstation gets a token and you are immediately logged off from AD's point of view. Then, when you need something from the network, your workstation sends the token, AD validates it (logon) and logs you off again.
-
ZippyV said:
I'm not sure if the IP is logged but the name of the workstation certainly is. Why would you want to record IP addresses when you can get much more detailed information from AD? Check out the event log to get all this information.
Also, creating a list of login and logoff times is going to be more difficult than you think. AD doesn't work that way; instead, when you log in, the workstation gets a token and you are immediately logged off from AD's point of view. Then, when you need something from the network, your workstation sends the token, AD validates it (logon) and logs you off again.

Hey ZippyV,
Thank you for the information.
I need to log the IP to check if the user is connecting from VPN or not. I need to lock out the guys coming from VPN.
I will write the code to query from the AD. What I want to do is the kind of data above, but I want to get the AD involved so I don't write even more code.
Do you have any idea what I should do if I want to do such a thing?
Thanks,
Remon
-
Remon said:
ZippyV said: *snip*
Hey ZippyV,
Thank you for the information.
I need to log the IP to check if the user is connecting from VPN or not. I need to lock out the guys coming from VPN.
I will write the code to query from the AD. What I want to do is the kind of data above, but I want to get the AD involved so I don't write even more code.
Do you have any idea what I should do if I want to do such a thing?
Thanks,
Remon

I think a simpler implementation here would be to have your VPN server assign IPs in a specific subrange, so you can easily find out if a given IP is local or VPNed. If you can't do that, I would try to see if the security token contains anything that might hint towards the origin of the user.
-
Active Directory doesn't keep enough information for what you want to do. You have to read the event log.

Remon said:
ZippyV said: *snip*
Hey ZippyV,
Thank you for the information.
I need to log the IP to check if the user is connecting from VPN or not. I need to lock out the guys coming from VPN.
I will write the code to query from the AD. What I want to do is the kind of data above, but I want to get the AD involved so I don't write even more code.
Do you have any idea what I should do if I want to do such a thing?
Thanks,
Remon
-
Blocking on the IP range assigned by the VPN is the way to go. Although it begs the question of what the point is of providing VPN access to a network if you don't want resources available.

ZippyV said:
Active Directory doesn't keep enough information for what you want to do. You have to read the event log.
Remon said: *snip*

Trying to do it via AD is doomed to failure, so I'd strongly recommend abandoning that train of thought right now.
-
What are you trying to block VPN users from doing?
Could they trivially get around the IP block by leaving their workstation on, VPN-ing in from home, Remote Desktop-ing to their workstation, and accessing the resource from their workstation?
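
Added example (not part of any post in this thread, and not the posters' code): the two suggestions above combined, reading logon events from the event log and comparing the source IP against the VPN's address range. It assumes Security-log event ID 4624 (successful logon, Windows Server 2008 and later) exported as XML; the pool 10.0.8.0/24, the helper names and the sample events are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}
VPN_POOL = ipaddress.ip_network("10.0.8.0/24")  # assumption: pool the VPN server assigns

def make_event(time, user, workstation, ip, event_id=4624):
    """Build a constructed, trimmed Security-log record (not real log data)."""
    return (
        f'<Event xmlns="{EVT_NS}"><System><EventID>{event_id}</EventID>'
        f'<TimeCreated SystemTime="{time}"/></System><EventData>'
        f'<Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="WorkstationName">{workstation}</Data>'
        f'<Data Name="IpAddress">{ip}</Data></EventData></Event>'
    )

SAMPLE_EVENTS = [  # constructed sample input
    make_event("2008-08-08T12:00:03Z", "Administrator", "WKS-030", "10.0.0.30"),
    make_event("2008-08-08T12:05:41Z", "remon", "LAPTOP-07", "10.0.8.17"),
    make_event("2008-08-08T12:06:10Z", "svc_backup", "-", "-"),
    make_event("2008-08-08T20:00:00Z", "Administrator", "WKS-030", "10.0.0.30", 4634),
]

def classify(ip_text, vpn_pool=VPN_POOL):
    """Return 'vpn', 'lan', or 'unknown' when the event has no usable address."""
    try:
        addr = ipaddress.ip_address(ip_text.strip())
    except ValueError:  # 4624 records "-" when there is no network source
        return "unknown"
    return "vpn" if addr in vpn_pool else "lan"

def logon_row(event_xml):
    """Extract user, time, workstation, IP and origin from one 4624 event."""
    root = ET.fromstring(event_xml)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4624":
        return None  # skip everything except successful logons (e.g. 4634 logoff)
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    ip = data.get("IpAddress", "-")
    return {"user": data.get("TargetUserName", ""),
            "time": root.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "workstation": data.get("WorkstationName", ""),
            "ip": ip, "origin": classify(ip)}

def logon_report(events):
    """One row per logon event; there is no paired logoff time to rely on."""
    return [row for row in map(logon_row, events) if row is not None]

if __name__ == "__main__":
    for r in logon_report(SAMPLE_EVENTS):
        print(f'{r["user"]:<14} {r["time"]:<21} {r["ip"]:<10} {r["origin"]}')
```

Rows marked "unknown" carry no source address, so the report cannot say whether they came over the VPN; the Remote Desktop hop raised in the last post would show up here as an ordinary "lan" logon from the workstation.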