Step 1: Create the login script
On the domain controller, locate C:\Windows\SYSvol\sysvol\[domain].com\scripts. You can also do this via 'My Computer'. Replace [domain] with the name of the domain your workstations log into.
On the File menu, you can create a new folder to maintain all your Netlogon files. In this folder also create a 'New Text Document'.
Double-click the 'New Text Document' icon to open it in Notepad.
Enter any commands as required.
Click on the 'File' menu, and select 'Save As'. This pulls up the 'Save As' dialog box. Change the 'Save as type' to 'All Files' and save this file with the name user1_logon.bat.
Exit Notepad and 'My Computer'.
Step 2: Assign the login script to a particular domain user
In your 'Server Manager' go to 'Tools' and click on 'Active Directory Users and Computers'.
In the 'Active Directory Users and Computers' snap-in, click the Users folder in the Tree pane.
Select the user you want to add the login script for. Right-click and select 'Properties'. In the 'Logon script' text box, type 'user1_logon.bat'. Click 'OK'.
You can repeat this procedure for every user you want to assign the login script to.
Step 3: Access your Netlogon files and understand common Netlogon codes
You can view your Netlogon files by entering the following command in the 'Run' Dialog box.
Below is a snippet of the Netlogon log file for a user showing a successful LOGON event.
Here Folder name is the name of the folder you created to store your Netlogon files.
Here are a few codes you can use to understand the LOGON activity in a user's log file.
| Code | Meaning |
|---|---|
| 0xC000006D | Unsuccessful attempt to login due to bad username |
| 0xC0000072 | Disabled user account |
| 0xC000006F | Unsuccessful login attempt due to time restrictions |
| 0xC0000071 | An account's password has expired |
| 0xC000006A | Incorrect password entered |
| 0xC000006C | Password policy has not been followed |
| 0xC0000224 | Password must be changed before the first login attempt |
| 0xC000006E | Login has failed due to user account restrictions |
| 0xC0000193 | User account has expired |
| 0xC0000234 | User account has been automatically locked |
| 0xC0000064 | User does not exist |
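The following is an added example, not part of the original page: a small Python triage script that reads Netlogon log lines, translates each status code using the table above, and counts failed logons per account so that repeated bad passwords followed by a lockout stand out. The line layout, the sample log lines, and the names `parse_line` and `failures_by_account` are assumptions made for illustration; a return value of 0x0 is treated as success.

```python
import re
from collections import Counter

# Failure codes and descriptions exactly as given in the table above.
STATUS = {
    0xC000006D: "Unsuccessful attempt to login due to bad username",
    0xC0000072: "Disabled user account",
    0xC000006F: "Unsuccessful login attempt due to time restrictions",
    0xC0000071: "An account's password has expired",
    0xC000006A: "Incorrect password entered",
    0xC000006C: "Password policy has not been followed",
    0xC0000224: "Password must be changed before the first login attempt",
    0xC000006E: "Login has failed due to user account restrictions",
    0xC0000193: "User account has expired",
    0xC0000234: "User account has been automatically locked",
    0xC0000064: "User does not exist",
}

# Assumed layout: "MM/DD HH:MM:SS [LOGON] ... logon of DOMAIN\user from HOST Returns 0x..."
LINE_RE = re.compile(r"^(?P<ts>[\d/]+ [\d:]+) \[LOGON\].*?logon of (?P<account>\S+)"
                     r" from (?P<host>\S+).*?Returns (?P<status>0x[0-9A-Fa-f]+)\s*$")

# Constructed sample lines (not taken from a real domain controller).
SAMPLE_LOG = r"""
06/15 09:01:12 [LOGON] [4120] EXAMPLE: SamLogon: Network logon of EXAMPLE\user1 from WKS-01 Entered
06/15 09:01:12 [LOGON] [4120] EXAMPLE: SamLogon: Network logon of EXAMPLE\user1 from WKS-01 Returns 0x0
06/15 09:03:40 [LOGON] [4120] EXAMPLE: SamLogon: Network logon of EXAMPLE\user2 from WKS-02 Returns 0xC000006A
06/15 09:03:44 [LOGON] [4120] EXAMPLE: SamLogon: Network logon of EXAMPLE\user2 from WKS-02 Returns 0xC000006A
06/15 09:03:49 [LOGON] [4120] EXAMPLE: SamLogon: Network logon of EXAMPLE\user2 from WKS-02 Returns 0xC0000234
06/15 09:10:02 [LOGON] [5188] EXAMPLE: SamLogon: Network logon of EXAMPLE\ghost from WKS-07 Returns 0xC0000064
"""

def parse_line(line):
    """Return a dict for a completed logon line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # blank lines, "Entered" lines, non-LOGON entries
    code = int(m["status"], 16)
    meaning = "Success" if code == 0 else STATUS.get(code, "Not in table")
    return {"ts": m["ts"], "account": m["account"].lower(),
            "host": m["host"], "code": code, "meaning": meaning}

def failures_by_account(lines):
    """Count failed logons per (account, meaning) so repeats stand out."""
    events = filter(None, map(parse_line, lines))
    return Counter((e["account"], e["meaning"]) for e in events if e["code"])

if __name__ == "__main__":
    for (account, meaning), n in failures_by_account(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:3d}  {account:<16} {meaning}")
```
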