page 1 of 1
Comments: 6 | Views: 632

Hello,
    I am trying to log the IPs of the users logging in to my AD. I don't know if the AD saves IPs of the logged in users or not, but I was asking if I can use it to produce something like that:
USERNAME         LOG_DT_START        LOG_DT_END          IP
Administrator    2008-08-08 12:00    2008-08-08 20:00    10.0.0.30

Anyone got any idea?
Thanks,
Remon

ZippyV
Soapbox = Fail
I'm not sure if the IP is logged but the name of the workstation certainly is. Why would you want to record IP addresses when you can get much more detailed information from AD? Check out the event log to get all this information.

Also, creating a list of login and logoff times is going to be more difficult than you think. AD doesn't work that way; instead, when you log in, the workstation gets a token and you are immediately logged off from AD's point of view. Then, when you need something from the network, your workstation sends the token, AD validates it (logon) and logs you off again.
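
An added example (not part of the original thread or any poster's code): one way to build the requested table from exported Security-log events by pairing logon (4624) and logoff (4634) records on their logon ID. The record layout, account names, logon IDs and addresses are constructed; the event IDs are the ones used by Windows Server 2008 and later.

```python
from datetime import datetime

LOGON, LOGOFF = 4624, 4634   # Security-log event IDs on Windows Server 2008 and later
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample: records as they might be exported from one domain
# controller's Security log. Names, IDs and addresses are made up.
EVENTS = [
    {"id": LOGON, "time": "2008-08-08 12:00:00", "user": "Administrator",
     "logon_id": "0x3e7a1", "logon_type": 10, "ip": "10.0.0.30"},
    {"id": LOGON, "time": "2008-08-08 12:05:00", "user": "jdoe",
     "logon_id": "0x4b210", "logon_type": 3, "ip": "10.0.0.41"},
    {"id": LOGOFF, "time": "2008-08-08 12:05:02", "user": "jdoe", "logon_id": "0x4b210"},
    {"id": LOGON, "time": "2008-08-08 12:06:00", "user": "WS02$",
     "logon_id": "0x4b300", "logon_type": 3, "ip": "10.0.0.41"},
    {"id": LOGON, "time": "2008-08-08 19:30:00", "user": "asmith",
     "logon_id": "0x5c000", "logon_type": 10, "ip": "10.0.0.52"},
    {"id": LOGOFF, "time": "2008-08-08 20:00:00", "user": "Administrator",
     "logon_id": "0x3e7a1"},
]

def build_sessions(events):
    """Pair each logon with the logoff that carries the same logon ID.
    Returns (user, start, end, ip, logon_type) tuples; end is None while open."""
    open_sessions, rows = {}, []
    for ev in sorted(events, key=lambda e: datetime.strptime(e["time"], FMT)):
        if ev["user"].endswith("$"):        # computer accounts, not people
            continue
        if ev["id"] == LOGON:
            open_sessions[ev["logon_id"]] = ev
        elif ev["id"] == LOGOFF:
            start = open_sessions.pop(ev["logon_id"], None)
            if start:                       # ignore a logoff whose logon is not in the export
                rows.append((start["user"], start["time"], ev["time"],
                             start["ip"], start["logon_type"]))
    # Logons with no logoff record (crash, power loss, still logged on).
    rows += [(s["user"], s["time"], None, s["ip"], s["logon_type"])
             for s in open_sessions.values()]
    return sorted(rows, key=lambda r: r[1])

if __name__ == "__main__":
    print(f"{'USERNAME':<15}{'LOG_DT_START':<21}{'LOG_DT_END':<21}{'IP':<12}TYPE")
    for user, start, end, ip, ltype in build_sessions(EVENTS):
        print(f"{user:<15}{start:<21}{end or '(open)':<21}{ip:<12}{ltype}")
```

In the sample, the network logon (type 3) for jdoe closes after two seconds, so a row like that does not show how long someone was at the keyboard. Logon IDs are only unique per machine between reboots, so records from several hosts need the host name added to the pairing key.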
Yggdrasil
Pour me a cab, 'cause I can't drink no more.

I think a simpler implementation here would be to have your VPN server assign IPs in a specific subrange, so you can easily find out if a given IP is local or VPNed. If you can't do that, I would try to see if the security token contains anything that might hint towards the origin of the user.

ZippyV
Soapbox = Fail
Active Directory doesn't keep enough information for what you want to do. You have to read the event log.
Blocking on the IP range assigned by the VPN is the way to go. Although it begs the question of what the point is of providing VPN access to a network if you don't want resources available.

Trying to do it via AD is doomed to failure, so I'd strongly recommend abandoning that train of thought right now.
Matthew van Eerde
AKA Maurits
What are you trying to block VPN users from doing?

Could they trivially get around the IP block by leaving their workstation on, VPN-ing in from home, Remote Desktop-ing to their workstation, and accessing the resource from their workstation?