Logon Audit Utility

Really simple log on/off auditing utility

Logon Audit Utility can also be downloaded from:

Please consider supporting my work:

  • Sign up using Patreon.
  • Support with a one-time payment using PayPal.

If you’d like to get in touch with me please leave a comment, send me a tweet or DM, or send me a message via my contact form.



Features and Requirements

  • The utility is meant to be run on the client machine.
  • It is ideally triggered as a logon/logoff script by a Group Policy.
  • Any files that the script needs to access should be accessible from a client device.
  • It can be used to log to a file, send to Teams, or both.
  • The utility requires at least PowerShell 5.0.

This utility has been tested on Windows 10, Windows Server 2019 and Windows Server 2016.



The table below shows all the command line options available with descriptions and example configurations.

Command Line Switch Description Example
-Logon Use this option to log a log on event. N/A
-Logoff Use this option to log a log off event. N/A
-Teams The path to a txt file containing the webhook to your Teams instance. Use this option to send a configured event to teams as well as a log file. \\server\share\webhook.txt
-L The path to output the log file to. The file name will be Logon-Audit.log. Do not add a trailing \ backslash. \\server\share



Logon-Audit.ps1 -Logon -L \\server\share
-Teams \\server\share\webhook.txt

The above command will record a logon event for the currently logged on user to the log file and also to Teams.


Change Log

2020-03-12: Version 20.03.12 ‘Chick’

  • Added option to send an event to Microsoft Teams.
  • Refactored code.
  • Fully backwards compatible.

2019-09-28 v1.0

  • Initial public release.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: