Here’s a real quick and dirty user logon/logoff auditing script that has been helpful in educational institutions. The script is available to download from GitHub.
Open the Group Policy Object at the top most level of your domain(s) and add the script to the PowerShell scripts area. On log on, add the -logon parameter, and on log off add the -logoff parameter.
Create a hidden share somewhere on your network, and give ‘Authenticated Users’ Full Control share and file permissions.
Edit the $LogFile variable at the top of the script to the full path of the hidden share, including the name of the log file you wish to create.
The log file includes the computer name, domain name, user name, and time and date of the log on or log off event. They are separated by commas should you wish to manipulate the data in Excel.
I take great care to test my ideas and make sure my articles are accurate before posting, however mistakes do slip through sometimes. If you’d like to get in touch with me please use the comments, Twitter (you can tweet me and my DMs are open) or my contact form.
I hope this article helps you out, please consider supporting my work here. Thank you.