Track Windows User Login History

There have probably been cases when you needed to track down a potential security breach, or perhaps you had managers come to you because they suspected employees weren’t working quite as hard as they should be. In any case, it was important that you figure out how long users were logged on to a computer interactively in your Active Directory domain.
Being the excellent administrator you are, you might have gotten on Google and tried to figure this out; if so, you’d soon find that it’s possible to get Windows to write events to the Security event log after a user logs on and logs off. “Great,” you think. “All I need to do now is to grab those two events and figure out the difference to get the total session time.” After digging a little deeper though, you’d soon realize that it’s not quite that easy. It’s possible for a session to be more than a simple user logon and logoff. What if the computer crashes? What if the user decides just to pull the plug? What if they’re using Remote Desktop Protocol (RDP) to log into a server? These different scenarios may come into play, and you may need to account for them.
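The pairing problem described above, as an added example that is not code from the original article: it matches logon and logoff events by logon ID and treats a boot with sessions still open as a crash or power loss. The event IDs (4624, 4634, 4647, 6005) and logon types (2, 10) are standard Windows values not named on this page; the function name `Get-SessionReport` and the sample events are constructed for illustration.

```powershell
# Constructed sample events, not real log data. On a live system the same fields
# come from Security events 4624 (logon) and 4634/4647 (logoff) and from
# System event 6005 (event log service started, i.e. the machine booted).
$sampleEvents = @(
    [pscustomobject]@{ Time = [datetime]'2024-03-04 08:00'; Id = 4624; LogonId = '0x1A2B'; LogonType = 2;  User = 'CONTOSO\alice' }
    [pscustomobject]@{ Time = [datetime]'2024-03-04 12:30'; Id = 4647; LogonId = '0x1A2B'; LogonType = 0;  User = 'CONTOSO\alice' }
    [pscustomobject]@{ Time = [datetime]'2024-03-04 13:00'; Id = 4624; LogonId = '0x2C3D'; LogonType = 10; User = 'CONTOSO\bob' }
    [pscustomobject]@{ Time = [datetime]'2024-03-04 13:05'; Id = 4624; LogonId = '0x3E4F'; LogonType = 3;  User = 'CONTOSO\svc-backup' }
    [pscustomobject]@{ Time = [datetime]'2024-03-04 15:45'; Id = 6005; LogonId = $null;    LogonType = 0;  User = $null }
    [pscustomobject]@{ Time = [datetime]'2024-03-04 15:50'; Id = 4624; LogonId = '0x4A5B'; LogonType = 2;  User = 'CONTOSO\alice' }
)

function Get-SessionReport {   # hypothetical helper name
    param([Parameter(Mandatory)][object[]]$Events)

    $wanted = @{ 2 = 'Interactive'; 10 = 'RemoteInteractive (RDP)' }  # skip network/service logons
    $open   = @{}   # LogonId -> logon event that has no matching logoff yet
    $close  = {
        param($Start, $End, $Reason)
        [pscustomobject]@{
            User      = $Start.User
            LogonType = $wanted[[int]$Start.LogonType]
            Start     = $Start.Time
            End       = $End
            Duration  = if ($End) { $End - $Start.Time } else { $null }
            EndReason = $Reason
        }
    }

    foreach ($e in ($Events | Sort-Object Time)) {
        switch ($e.Id) {
            4624 { if ($wanted.ContainsKey([int]$e.LogonType)) { $open[$e.LogonId] = $e } }
            { $_ -in 4634, 4647 } {
                if ($e.LogonId -and $open.ContainsKey($e.LogonId)) {
                    & $close $open[$e.LogonId] $e.Time 'Logoff'
                    $open.Remove($e.LogonId)   # a later 4634 for the same ID is ignored
                }
            }
            6005 {
                # Boot with sessions still open: crash or pulled plug. The true end
                # is unknown, so the boot time is only an upper bound.
                foreach ($s in @($open.Values)) { & $close $s $e.Time 'NoLogoff-EndedByBoot' }
                $open.Clear()   # logon IDs are not reused across boots
            }
        }
    }
    foreach ($s in $open.Values) { & $close $s $null 'StillOpen' }
}

Get-SessionReport -Events $sampleEvents | Format-Table -AutoSize
```

With the sample data, alice's first session closes on a normal logoff after 4.5 hours, bob's RDP session is closed by the 15:45 boot with no logoff recorded, the type 3 network logon is ignored, and alice's second session is reported as still open.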
Read the full article at 4SysOps.

Adam Bertram

Chief Automator at Adam the Automator, LLC
Adam Bertram is an independent consultant, technical writer, trainer and presenter. Adam specializes in consulting and evangelizing all things IT automation, mainly focused around Windows PowerShell. Adam is a Microsoft Windows PowerShell MVP, 2015 PowerShell hero and has numerous Microsoft IT pro certifications. He authors IT pro course content for Pluralsight, is a regular contributor to numerous print and online publications and presents at various user groups and conferences. You can find Adam here on the blog or on Twitter at @adbertram.
