Quick PoSH: User Logon Auditing

Here’s a quick and dirty user logon/logoff auditing script that has been helpful in educational institutions. The script is available to download from GitHub.



Open the Group Policy Object at the top most level of your domain(s) and add the script to the PowerShell scripts area. On log on, add the -logon parameter, and on log off add the -logoff parameter.

Create a hidden share somewhere on your network, and give ‘Authenticated Users’ Full Control share and file permissions.

Edit the $LogFile variable at the top of the script to the full path of the hidden share, including the name of the log file you wish to create.

The log file includes the computer name, domain name, user name, and time and date of the log on or log off event. They are separated by commas should you wish to manipulate the data in Excel.

If you’d like to get in touch with me please use the comments, Twitter (you can tweet me and my DMs are open) or my contact form.

Please consider donating to support my work:

Thank you!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: