Wont this overwrite the file every time it runs ?
From: [email protected] To: [email protected] Subject: RE: [NTSysADM] RE: user logged in time Date: Fri, 10 Jul 2015 19:17:03 +0000 Very basic, I am not a scripter by any means Have this in a file called logon.cmd in the NETLOGON folder and call it via GPO echo Log-on Script: Login From: %COMPUTERNAME%, User Name: %USERNAME%, Date: %DATE%, Time: %TIME% >> \\Servername\Sharename\%username%.csv and this one in a file called Logoff.cmd echo Log-off Script: Log-off From: %COMPUTERNAME%, User Name: %USERNAME%, Login Date: %DATE%, Login Time: %TIME% >> \\Servername\Sharename \%username%.csv But it works for me. Tony From: [email protected] [mailto:[email protected]] On Behalf Of J- P Sent: 10 July 2015 19:05 To: NT Subject: RE: [NTSysADM] RE: user logged in time Would you mind sharing it? Jean-Paul Natola From: [email protected] To: [email protected] Subject: [NTSysADM] RE: user logged in time Date: Fri, 10 Jul 2015 07:04:05 +0000 http://www.windowsecurity.com/articles-tutorials/misc_network_security/Logon-Types.html This has always been the site I refer back to for the various codes that each type of logon and logoff event relates to. I also have a logon and logoff script attached to a GPO which logs the user name, device name and time to an excel spreadsheet on a central share, one for each person making it easy to find if needed. Tony From: [email protected] [mailto:[email protected]] On Behalf Of Stephen Gestwicki Sent: 09 July 2015 22:52 To: [email protected] Subject: [NTSysADM] RE: user logged in time A quick bing search (you read that right) showed me this that contains the events for logon and logoff along with session connections, locked workstations, and the screensaver. You may also want to watch for idle events too. http://www.morgantechspace.com/2013/10/tracking-user-logon-activity-using.html - Stephen From: [email protected] [mailto:[email protected]] On Behalf Of Boyles, Peter J {BIS} Sent: Thursday, July 09, 2015 5:28 PM To: [email protected] Subject: [NTSysADM] RE: user logged in time Enable audit of security events for success and failure of logon and logoff Check security event log for: Event ID 4648 Logon Event ID 4634 Logoff Peter Boyles BIS Engineering Analyst PepsiCo Inc. | Global End User Services | GEUS Deploy From: [email protected] [mailto:[email protected]] On Behalf Of David McSpadden Sent: Thursday, July 9, 2015 12:54 PM To: [email protected] Subject: [NTSysADM] user logged in time I want to see in general when a user logged into a workstation. So I am looking in the local workstation, Security events, for ….what?? David McSpadden Systems Administrator Indiana Members Credit Union P: 317.554.8190 | F: 317.554.8106 This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email. DISCLAIMER This material has been checked by us for computer viruses and, although none has been found, we cannot guarantee that it is completely free from such problems and we do not accept liability for loss or damage which may be caused. This message is intended only for use of the individual or entity to whom it is addressed and may contain information which may be privileged and confidential. If you are not the intended recipient you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender immediately via e-mail and delete the message. Thank you. ******************************************************* Travelers Insurance Company Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority in the UK and is regulated by the Central Bank of Ireland for conduct of business rules. Registered in England 1034343. Registered as a branch in Ireland 903382. Travelers Syndicate Management Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Registered in England 03207530. Travelers Underwriting Agency Limited is authorised and regulated by the Financial Conduct Authority. Registered in England 03708247. Travelers Professional Risks Limited is an appointed representative of Travelers Insurance Company Limited which is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Registered in England 05201980 Travelers Management Limited. Registered in England 00972175. The registered offices for all companies listed above is: Exchequer Court, 33 St Mary Axe, London, EC3A 8AG. All other branch offices are available from our websites. travelers.co.uk travelers.ie Issues to: mailto: [email protected] This communication, including attachments, is confidential, may be subject to legal privileges, and is intended for the sole use of the addressee. Any use, duplication, disclosure or dissemination of this communication, other than by the addressee, is prohibited. If you have received this communication in error, please notify the sender immediately and delete or destroy this communication and all copies. TRVDiscDefault::1201 DISCLAIMER This material has been checked by us for computer viruses and, although none has been found, we cannot guarantee that it is completely free from such problems and we do not accept liability for loss or damage which may be caused. This message is intended only for use of the individual or entity to whom it is addressed and may contain information which may be privileged and confidential. If you are not the intended recipient you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender immediately via e-mail and delete the message. Thank you. ******************************************************* Travelers Insurance Company Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority in the UK and is regulated by the Central Bank of Ireland for conduct of business rules. Registered in England 1034343. Registered as a branch in Ireland 903382. Travelers Syndicate Management Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Registered in England 03207530. Travelers Underwriting Agency Limited is authorised and regulated by the Financial Conduct Authority. Registered in England 03708247. Travelers Professional Risks Limited is an appointed representative of Travelers Insurance Company Limited which is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Registered in England 05201980 Travelers Management Limited. Registered in England 00972175. The registered offices for all companies listed above is: Exchequer Court, 33 St Mary Axe, London, EC3A 8AG. All other branch offices are available from our websites. travelers.co.uk travelers.ie Issues to: mailto: [email protected]
