Excellent.
Ok. More of the right kind of info. It does not clearly state which user logged on. Am I reading this correctly? My account name is not mentioned there. Thx
I will create a second user on my laptop, then do more tests
Ok. Positive progress. Created a new user. Logged on. Logged off. Logged in with current account. I see that in the txt file and also a lot of other info. Way too much... How do I extract only the log on/off events? Thank you
What/how are you creating the file? Are you using PsLogList or a different tool? You're going to need some way to parse the output to extract just the info you want. PowerShell will do this but I have no experience with it. Might be able to do it with a batch file but it would take a fair amount of trial and error to get it working.
Hopefully someone else (karlsnooks?) will have a suggestion.
antcs,
To produce a list of all users with their log on times and their log off times turns out to be non-trivial.
I can give you a script showing the last loon times with the user name, but for reasons that I do not understand the last logoff time is not there, i.e., not a valid string.
Otherwise, I'd recommend visiting some of the PowerShell forums and posing your question there.
Thx. Not sure what "loon times" means. I suspect typeO. That script would be just great. As I understand it... (as my client has explained) he wants to know who was logged on at the time that a certain change was made. They grow fresh produce in huge greenhouses. They pack for our local market and international. The software controls heating, venting, water, temperatures and around 70 more variables. It so happened that they lost a crop the other day due to too much water. Now measures need to be put in place to prevent that event again. Of course, no one would take responsibility for the change. If he had a way to pinpoint the user that was logged on at the time it gives him a good place to start.
I do thank you for your efforts
I agree the easiest way would be to use a logon & logoff script via Group Policy to create a log file. I would then recommend setting permissions on the log file to prevent anyone from changing it to cover their tracks, although I'm not sure what permissions will allow or prevent the scripts from working.
I created a basic batch file using a reference from the link in the quote. Copy the code below to a batch file.
You actually only need one of the lines starting with "echo" but I have given 2 examples of different formatting and 1 that outputs to a CSV file (Comma Delimited) for use with a spreadsheet application. Check the attached image for a preview.
Code:
@echo off
if not exist c:\Logs md c:\Logs
echo Logon: %date% %time:~0,5% %UserName%>> c:\Logs\HistoryBasic.txt
echo Logon,"%date:~0,3%, %date:~4,2%/%date:~7,2%/%date:~10,4%",%time:~0,5%,%UserName%>> c:\Logs\History.csv
echo Logon: %date:~0,3%, %date:~4,2%/%date:~7,2%/%date:~10,4% %time:~0,5% %UserName%>> c:\Logs\History.txt
This is the logon script, for the logoff script change logon to logoff and save as 2 separate files.
If you would like different formatting and don't know how to change it I can also help with that.
On WinXP I'm not sure if PowerShell was an optional update or would have been auto installed so you might want to check that before continuing with PowerShell scripts, although it's easy to install.
@karlsnooks
Still post your script.
EDIT: Modified the code above because I had it set to echo the full name of the day as you can see in my screenshot but just found out it doesn't work too well for Saturday because the short version of it is Sat so it logs as Satday. Only Sunday, Monday and Friday will work.
History.txt and HistoryBasic.txt are now the same except a comma after the day.
If you would like it to read Saturday, Sunday etc.. then I could work some if statements in there to check what the day is first and set a variable to echo instead.
Last edited by Duzzy; 20 Apr 2012 at 13:10. Reason: See EDIT
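An added example, not part of the original posts: it pairs the Logon/Logoff lines of History.csv into sessions and lists who was logged on at a given moment, which is what the client wants to know. The sample rows, the user names and the function names Get-LogonSession and Get-UserLoggedOnAt are constructed for illustration, and a US-style %date% (Fri 04/20/2012) is assumed.

```powershell
# Constructed sample in the History.csv layout written by the batch file above
# (no header row; US-style %date%). User names are made up for this example.
$sample = @'
Logon,"Fri, 04/20/2012", 7:58,alice
Logoff,"Fri, 04/20/2012",12:02,alice
Logon,"Fri, 04/20/2012",12:10,bob
Logon,"Fri, 04/20/2012",12:15,alice
Logoff,"Fri, 04/20/2012",16:40,bob
'@

function Get-LogonSession {
    param([string[]]$Lines)
    $inv  = [Globalization.CultureInfo]::InvariantCulture
    $open = @{}   # user name -> time of the logon still waiting for a logoff
    $rows = $Lines | ConvertFrom-Csv -Header Event,Date,Time,User
    foreach ($r in $rows) {
        # Drop the day name ("Fri, ") and the leading space %time% has before 10:00.
        $stamp = ($r.Date -replace '^\w+,\s*', '') + ' ' + $r.Time.Trim()
        $when  = [datetime]::ParseExact($stamp, 'MM/dd/yyyy H:mm', $inv)
        if ($r.Event -eq 'Logon') {
            # A repeated logon with no logoff in between replaces the earlier one.
            $open[$r.User] = $when
        } elseif ($open.ContainsKey($r.User)) {
            New-Object PSObject -Property @{ User = $r.User; Start = $open[$r.User]; End = $when }
            $open.Remove($r.User)
        }
    }
    # A logon with no logoff (still logged on, crash, power loss) stays open-ended.
    foreach ($u in $open.Keys) {
        New-Object PSObject -Property @{ User = $u; Start = $open[$u]; End = $null }
    }
}

function Get-UserLoggedOnAt {
    param([datetime]$At, [string[]]$Lines)
    Get-LogonSession -Lines $Lines |
        Where-Object { $_.Start -le $At -and ($_.End -eq $null -or $_.End -ge $At) } |
        Select-Object User, Start, End
}

# Who was logged on at 12:30 on 20 April 2012?
$lines = $sample -split "`r?`n"
Get-UserLoggedOnAt -At ([datetime]'2012-04-20 12:30') -Lines $lines
```

To run it against the real log, replace `$lines` with `Get-Content c:\Logs\History.csv`. Times are only as precise as the minute the batch file records.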
antcs,
# run PowerShell as an ADMINISTRATOR
# LAST LINE ($data) MUST BE FOLLOWED BY TWO CARRIAGE RETURNS!
# Simply copy and paste (You paste into PowerShell by clicking on right mouse button)
# You can delete all of these lines which start with a # aforehand if desired
# a period indicates this computer, use actual name if desired
# $data defined as empty array
# match will compare against a 'regular' expression
# if match exist, returns true, result placed in $matches array
$a = "."
$data = @()
$NetLogs = Get-WmiObject Win32_NetworkLoginProfile -ComputerName $a
foreach ($NetLog in $NetLogs) {
    if ($NetLog.LastLogon -match "(\d{14})") {
        $row = "" | Select Name,LogonTime,numberoflogons
        $row.Name = $NetLog.Name
        $row.numberoflogons = $NetLog.numberoflogons
        $row.LogonTime = [datetime]::ParseExact($matches[0], "yyyyMMddHHmmss", $null)
        $data += $row
    }
}
$data
#end of script