Here’s a quick and dirty user logon/logoff auditing script that has been helpful in educational institutions. The script is available to download from GitHub.
Open the Group Policy Object at the top most level of your domain(s) and add the script to the PowerShell scripts area. On log on, add the -logon parameter, and on log off add the -logoff parameter.
Create a hidden share somewhere on your network, and give ‘Authenticated Users’ Full Control share and file permissions.
Edit the $LogFile variable at the top of the script to the full path of the hidden share, including the name of the log file you wish to create.
The log file includes the computer name, domain name, user name, and time and date of the log on or log off event. They are separated by commas should you wish to manipulate the data in Excel.
Please consider donating to support my work: