Not on a time clock, salary, Keyed entrance and unless she is first in alarm panel is off.
I’ll keep looking. I am going to play with the powershell and see what I see. From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff Sent: Friday, July 10, 2015 3:50 PM To: ntsysadm Subject: Re: [NTSysADM] RE: user logged in time The DCs are the correct place, unless, as noted, she is logging in with a local account. The thing you want to look at is lastlogondate, using powershell - it's a calculated/converted version of the value for lastlogontimestamp, which is replicated amongst the DCs. Thus, you only have to query one DC/GC, rather than all of them. Query every 15 minutes or so each morning, to get a good idea of logon times. See this for some examples: http://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx Of course, if she hares off to meetings first thing each morning, before ever touching her machine, it won't be accurate. Perhaps more accurate (and perhaps not, given tailgating, etc.) would be records from your cardkey system, if you have one. Kurt On Fri, Jul 10, 2015 at 12:22 PM, David McSpadden <[email protected]<mailto:[email protected]>> wrote: Mostly I am trying to let management know if a department manager is even coming in and when. Right now it looks like she is coming in around 9:30 instead of 7:30. I would like to know for sure though. I was thinking the interactive (2) on the workstation but everyone is saying the dc’s (I have 5 total) should be where to get my info. From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Kibble,Tony Sent: Friday, July 10, 2015 3:17 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] RE: user logged in time Very basic, I am not a scripter by any means Have this in a file called logon.cmd in the NETLOGON folder and call it via GPO echo Log-on Script: Login From: %COMPUTERNAME%, User Name: %USERNAME%, Date: %DATE%, Time: %TIME% >> \\Servername\Sharename\%username%.csv<file:///\\Servername\Sharename\%25username%25.csv> and this one in a file called Logoff.cmd echo Log-off Script: Log-off From: %COMPUTERNAME%, User Name: %USERNAME%, Login Date: %DATE%, Login Time: %TIME% >> \\Servername\Sharename<file:///\\Servername\Sharename> \%username%.csv But it works for me. Tony From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of J- P Sent: 10 July 2015 19:05 To: NT Subject: RE: [NTSysADM] RE: user logged in time Would you mind sharing it? Jean-Paul Natola ________________________________ From: [email protected]<mailto:[email protected]> To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] RE: user logged in time Date: Fri, 10 Jul 2015 07:04:05 +0000 http://www.windowsecurity.com/articles-tutorials/misc_network_security/Logon-Types.html This has always been the site I refer back to for the various codes that each type of logon and logoff event relates to. I also have a logon and logoff script attached to a GPO which logs the user name, device name and time to an excel spreadsheet on a central share, one for each person making it easy to find if needed. Tony From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Stephen Gestwicki Sent: 09 July 2015 22:52 To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] RE: user logged in time A quick bing search (you read that right) showed me this that contains the events for logon and logoff along with session connections, locked workstations, and the screensaver. You may also want to watch for idle events too. http://www.morgantechspace.com/2013/10/tracking-user-logon-activity-using.html - Stephen From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Boyles, Peter J {BIS} Sent: Thursday, July 09, 2015 5:28 PM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] RE: user logged in time Enable audit of security events for success and failure of logon and logoff Check security event log for: Event ID 4648 Logon Event ID 4634 Logoff Peter Boyles BIS Engineering Analyst PepsiCo Inc. | Global End User Services | GEUS Deploy From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of David McSpadden Sent: Thursday, July 9, 2015 12:54 PM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] user logged in time I want to see in general when a user logged into a workstation. So I am looking in the local workstation, Security events, for ….what?? David McSpadden Systems Administrator Indiana Members Credit Union P: 317.554.8190<tel:317.554.8190> | F: 317.554.8106<tel:317.554.8106> [Description: imcu email icon]<http://imcu.com/> [Description: facebook email icon] <https://www.facebook.com/IndianaMembersCU> [Description: twitter email icon] <https://twitter.com/IndMembersCU> [Description: email logo] [mcp2] This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email. ________________________________ DISCLAIMER This material has been checked by us for computer viruses and, although none has been found, we cannot guarantee that it is completely free from such problems and we do not accept liability for loss or damage which may be caused. This message is intended only for use of the individual or entity to whom it is addressed and may contain information which may be privileged and confidential. If you are not the intended recipient you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender immediately via e-mail and delete the message. Thank you. ******************************************************* Travelers Insurance Company Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority in the UK and is regulated by the Central Bank of Ireland for conduct of business rules. Registered in England 1034343. Registered as a branch in Ireland 903382. Travelers Syndicate Management Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Registered in England 03207530. Travelers Underwriting Agency Limited is authorised and regulated by the Financial Conduct Authority. Registered in England 03708247. Travelers Professional Risks Limited is an appointed representative of Travelers Insurance Company Limited which is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Registered in England 05201980 Travelers Management Limited. Registered in England 00972175. The registered offices for all companies listed above is: Exchequer Court, 33 St Mary Axe, London, EC3A 8AG. All other branch offices are available from our websites. travelers.co.uk<http://travelers.co.uk> travelers.ie<http://travelers.ie> Issues to: mailto: [email protected]<mailto:[email protected]> ________________________________ This communication, including attachments, is confidential, may be subject to legal privileges, and is intended for the sole use of the addressee. Any use, duplication, disclosure or dissemination of this communication, other than by the addressee, is prohibited. If you have received this communication in error, please notify the sender immediately and delete or destroy this communication and all copies. TRVDiscDefault::1201 ________________________________ DISCLAIMER This material has been checked by us for computer viruses and, although none has been found, we cannot guarantee that it is completely free from such problems and we do not accept liability for loss or damage which may be caused. This message is intended only for use of the individual or entity to whom it is addressed and may contain information which may be privileged and confidential. If you are not the intended recipient you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender immediately via e-mail and delete the message. Thank you. ******************************************************* Travelers Insurance Company Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority in the UK and is regulated by the Central Bank of Ireland for conduct of business rules. Registered in England 1034343. Registered as a branch in Ireland 903382. Travelers Syndicate Management Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Registered in England 03207530. Travelers Underwriting Agency Limited is authorised and regulated by the Financial Conduct Authority. Registered in England 03708247. Travelers Professional Risks Limited is an appointed representative of Travelers Insurance Company Limited which is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Registered in England 05201980 Travelers Management Limited. Registered in England 00972175. The registered offices for all companies listed above is: Exchequer Court, 33 St Mary Axe, London, EC3A 8AG. All other branch offices are available from our websites. travelers.co.uk<http://travelers.co.uk> travelers.ie<http://travelers.ie> Issues to: mailto: [email protected]<mailto:[email protected]> This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email. This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
