Recording Logon / Logoff activities on Domain Servers and Workstations can be useful in multiple situations:
This could be easily achieved by using a
Group Policy. This Wiki shows how to have this done and how to store this information in two CSV files:
logon.csv and logoff.csv.
All you need are:
A shared folder (We will take \\Server\Share\ as the name of our share in this example) on a file server is needed to share the CSV
files that will be updated when a user does a logon or a logoff. You need to grant Read / Write permission for your users on this share in order to allow updates on it (You can grant this permission to
Authenticated Users group).
For the logon / logoff script, you can create two Batch files with the following commands:
echo %computername%; %userdomain% ; %username%; %date% ; %time% >> \\Server\Share\logon.csv
echo %computername%; %userdomain% ; %username%; %date% ; %time% >> \\Server\Share\logoff.csv
These commands will allow updating logon.csv and logoff.csv
CSV files under \\Server\Share\ share with the following information:
Once you have the shared folder and the logon / logoff scripts, you can proceed with the creation of a new GPO that will be linked to your Domain
OUs. You will need to configure the following settings by adding the Batch files to use:
Once your GPO is properly applied, you will start having the CSV files updated in next logon / logoff of your users. Note the fields are semicolon delimited, in case any values (such as user names) includes commas. The files can be imported into an Excel
spreadsheet for analysis by specifying the semicolon as the delimiter.