Profile log in record

[Antcs]

Hi to all.

I had a question from a clinet that I can not answer. I there a way to tell when a user has looged on. We have a PC, 4 profiles with passwords. Is there a way to draw a report to state that user A logged on at 8. 21 and logged off at 09 00. User B on at 10.00 and off at 10 40. and so on, sure you get my drift... Is it kept in the registry? How will we do this if Windows does not keep a record.

This pc has quite important environmetal control software on and the owner needs to keep tract of who made chages at what time.

All you clever people out there, Please assist.
Thx

 

[Ztruker]

Found this: How do I view login history for my PC using Windows 7

The best way is to create a logon/logoff script that is run when each user does either. It can record the logon/logoff info in a file somewhere.

The logon/logoff info is recorded in Event Viewer but it would be cumbersome at best to view it that way. I'd recommend downloading PSTools and using PSLogList to extract the records you want, write them to a file and process them to generate a chart or whatever output you need.

Edit: psloglist security will dump the security log which is where logon and logoff info is stored.

 

[Antcs]

Thank you. I have no idea how to do this, yet. I will give it my full attention.

 

[Antcs]

Had a quick run at this. In CMD mode, view info but my pc only generate errors. How will I write to a file?
thx

 

[karlsnooks]

Antcs,
Actually, using the EventViewer isn't bad at all.

Now let me find my writeup on that which I wrote for another purpose but which shows what you want.

I'm uploading a zip file for you. Somewhere I've got still another writeup.

View attachment EVENTVIEWER - WindowsValidationCheck.zip

 

[karlsnooks]

And here is PowerShell script which will give you the info:

get-eventlog -LogName Application -InstanceId 1073745925 |
Select-Object TimeWritten, Message

I do not know if you are familiar with PowerShell, however, Powershell comes with your Win 7.

 

[Antcs]

Wow, you guys a helpful indeed. One issue, that pc is on winxp sp3. Software from Holland not compatible with windows 7. I tested the result and got the following... Txt file attahed.

I log on almost everyday. Well, try to atleast LOL. Why my info so outdated.
I have little if any knowledge of Powershell.

 

[Antcs]

Hi Played around there somewhat. got more info out of it... I will take some time to look at it closely. Thank you

 

[karlsnooks]

Excellent. Every time you login, the data and time is recorded and at the same time Win7 verifies that the version is valid.

You might want to consider cleaning out your event logs while playing around with the program (just looking at the login dates in the .txt file).

View attachment Clear Event Logs Using a Batch File.zip

 

[Antcs]

Clearlogs.bat. Done. restarting pc and logging in. will update

 

[karlsnooks]

Excellent.

 

[Antcs]

Ok. More of the right kind of info. It does not clearly state which user logged on. I am reading this correct? My account name is not mentioned there. Thx

 

[Antcs]

I will create a socond user on my laptop, then do more tests

 

[Antcs]

Ok. Positive progress. Created a new user. Logged on. Logged off. Logged in with current account. I see that in the txt file and also a lot of other info. Way too much... How do I extract only the log/off events. Thank you

 

[Ztruker]

What/how are you creating the file? Are you using PsLogList or a different tool? You're going to need some way to parse the output to extract just the info you want. Powershell will do this but I have no experience with it. Might be able to do it with a batch file but it would take a fair amount of trial and error to get it working.

Hopefully someone else (karlsnooks?) will have a suggestion.

 

[karlsnooks]

antcs,
To produce a list of all users with their log on times and their log off times turns out to be non-trivial.

I can give you a script showing the last loon times with the user name, but for reasons that I do not understand the last logoff time is not there, i.e., not a valid string.

Otherwise, I'd recommend visiting some of the powershell forums and posing you question there.

 

[Antcs]

Thx. Not sure what "loon times" mean. I suspect typeO. That script would be just great. As I understand it... (as my client has explained) he wants to know who was logged on at the time that a certain change was made. The grow fresh produce in huge green houses. They pack for our local market and international. The software controlles heating, venting, water, tempratures and around 70 more variables. It so happend that they lost a crop the other day due to too much water. Now measures needs to be put in place to prevent that event again. Offcourse, no-one would take responsability for the change. If he had a way to pinpoint the user that was logged on at the time it gives him a good place to start.

I do thank you for your efforts

 

[Duzzy]

Found this: How do I view login history for my PC using Windows 7

The best way is to create a logon/logoff script that is run when each user does either. It can record the logon/logoff info in a file somewhere.

I agree the easiest way would be to use a logon & logoff script via Group Policy to create a log file. I would then recommend setting permissions on the log file to prevent anyone from changing it to cover there tracks although I not sure what permissions will allow or prevent the scripts from working.

I created a basic batch file using a reference from the link in the quote. Copy the code below to a batch file.

@echo off
if not exist c:\Logs md c:\Logs

echo Logon: %date%   %time:~0,5%   %UserName%>> c:\Logs\HistoryBasic.txt

echo Logon,"%date:~0,3%, %date:~4,2%/%date:~7,2%/%date:~10,4%",%time:~0,5%,%UserName%>> c:\Logs\History.csv
echo Logon: %date:~0,3%, %date:~4,2%/%date:~7,2%/%date:~10,4%   %time:~0,5%   %UserName%>> c:\Logs\History.txt

You actually only need one of the lines starting with "echo" but I have given 2 examples of different formatting and 1 that outputs to a CSV file (Comma Delimited) for use with a spreadsheet application. Check the attached image for a preview.

This is the logon script, for the logoff script change logon to logoff and save as 2 seperate files.

If you would like different formatting and don't know how to change it I can also help with that.

On WinXP I'm not sure if PowerShell was an optional update or would have been auto installed so you might want to check that before continuing with PowerShell scripts, although it's easy to install.

@karlsnooks
Still post your script.

EDIT: Modified the code above because I had it set to echo the full name of the day as you can see in my screenshot but just found out it doesn't work to well for Saturday because the short version of it is Sat so it logs as Satday. Only Sunday, Monday and Friday will work.

History.txt and HistoryBasic.txt are now the same except a comma after the day.

If you would like it to read Saturday, Sunday etc.. then I could work some if statements in there to check what the day is first and set a variable to echo instead.

 

[karlsnooks]

duzzy,
why I thank you for giving me permission to post my script.

 

[karlsnooks]

antcs,

# run PowerShell as an ADMINISTRATOR
# LAST LINE ($data) MUST BE FOLLOWED BY TWO CARRIAGE RETURNS!

# Simply copy and paste (You paste into PowerShell by clicking on right mouse button
# You can delete all of these lines which start with a # aforehand if desired

# a period indicates this computer, use actual name if desired
# $data defined as empty array
# match will compare against a 'regular' expression
# if match exist, returns true, result placed in $matches array

$a = "."
$data = @()
$NetLogs = Get-WmiObject Win32_NetworkLoginProfile -ComputerName $a

foreach ($NetLog in $NetLogs) {
if ($NetLog.LastLogon -match "(\d{14})") {
$row = "" | Select Name,LogonTime,numberoflogons
$row.Name = $NetLog.Name
$row.numberoflogons = $netlog.numberoflogons
$row.LogonTime=[datetime]:arseExact($matches[0], "yyyyMMddHHmmss", $null)
$data += $row
}
}
$data


#end of script