Profile log in record

Excellent.

What/how are you creating the file? Are you using PsLogList or a different tool? You're going to need some way to parse the output to extract just the info you want. Powershell will do this but I have no experience with it. Might be able to do it with a batch file but it would take a fair amount of trial and error to get it working.

Hopefully someone else (karlsnooks?) will have a suggestion.

antcs,
To produce a list of all users with their log on times and their log off times turns out to be non-trivial.

I can give you a script showing the last loon times with the user name, but for reasons that I do not understand the last logoff time is not there, i.e., not a valid string.

Otherwise, I'd recommend visiting some of the powershell forums and posing you question there.

Ztruker said:

Found this: How do I view login history for my PC using Windows 7

The best way is to create a logon/logoff script that is run when each user does either. It can record the logon/logoff info in a file somewhere.

I agree the easiest way would be to use a logon & logoff script via Group Policy to create a log file. I would then recommend setting permissions on the log file to prevent anyone from changing it to cover there tracks although I not sure what permissions will allow or prevent the scripts from working.

I created a basic batch file using a reference from the link in the quote. Copy the code below to a batch file.

Code:

@echo off
if not exist c:\Logs md c:\Logs

echo Logon: %date%   %time:~0,5%   %UserName%>> c:\Logs\HistoryBasic.txt

echo Logon,"%date:~0,3%, %date:~4,2%/%date:~7,2%/%date:~10,4%",%time:~0,5%,%UserName%>> c:\Logs\History.csv
echo Logon: %date:~0,3%, %date:~4,2%/%date:~7,2%/%date:~10,4%   %time:~0,5%   %UserName%>> c:\Logs\History.txt

You actually only need one of the lines starting with "echo" but I have given 2 examples of different formatting and 1 that outputs to a CSV file (Comma Delimited) for use with a spreadsheet application. Check the attached image for a preview.

This is the logon script, for the logoff script change logon to logoff and save as 2 seperate files.

If you would like different formatting and don't know how to change it I can also help with that.

On WinXP I'm not sure if PowerShell was an optional update or would have been auto installed so you might want to check that before continuing with PowerShell scripts, although it's easy to install.

@karlsnooks
Still post your script.

EDIT: Modified the code above because I had it set to echo the full name of the day as you can see in my screenshot but just found out it doesn't work to well for Saturday because the short version of it is Sat so it logs as Satday. Only Sunday, Monday and Friday will work.

History.txt and HistoryBasic.txt are now the same except a comma after the day.

If you would like it to read Saturday, Sunday etc.. then I could work some if statements in there to check what the day is first and set a variable to echo instead.

duzzy,
why I thank you for giving me permission to post my script.

antcs,

# run PowerShell as an ADMINISTRATOR
# LAST LINE ($data) MUST BE FOLLOWED BY TWO CARRIAGE RETURNS!

# Simply copy and paste (You paste into PowerShell by clicking on right mouse button
# You can delete all of these lines which start with a # aforehand if desired

# a period indicates this computer, use actual name if desired
# $data defined as empty array
# match will compare against a 'regular' expression
# if match exist, returns true, result placed in $matches array

$a = "."
$data = @()
$NetLogs = Get-WmiObject Win32_NetworkLoginProfile -ComputerName $a

foreach ($NetLog in $NetLogs) {
if ($NetLog.LastLogon -match "(\d{14})") {
$row = "" | Select Name,LogonTime,numberoflogons
$row.Name = $NetLog.Name
$row.numberoflogons = $netlog.numberoflogons
$row.LogonTime=[datetime]::ParseExact($matches[0], "yyyyMMddHHmmss", $null)
$data += $row
}
}
$data


#end of script