This page looks best with JavaScript enabled

Logon Audit Utility

Really simple log on/off auditing utility

Logon Audit Utility can also be downloaded from:

Please consider supporting my work:

  • Sign up using Patreon.
  • Support with a one-time payment using PayPal.

If you’d like to contact me, please leave a comment, send me a tweet or DM, or you can join my Discord server.

-Mike

Features and Requirements

  • The utility is meant to be run on the client machine.
  • It is ideally triggered as a logon/logoff script by a Group Policy.
  • Any files that the script needs to access should be accessible from a client device.
  • It can be used to log to a file, send to Teams, or both.
  • The utility requires at least PowerShell 5.0.

This utility has been tested on Windows 10, Windows Server 2019 and Windows Server 2016.

Configuration

Here’s a list of all the command line switches and example configurations.

Command Line Switch Description Example
-Logon Use this option to log a log on event. N/A
-Logoff Use this option to log a log off event. N/A
-Teams The path to a txt file containing the webhook to your Teams instance. Use this option to send a configured event to teams as well as a log file. \\server\share\webhook.txt
-L The path to output the log file to. The file name will be Logon-Audit.log. Do not add a trailing \ backslash. \\server\share

Example

1
Logon-Audit.ps1 -Logon -L \\server\share -Teams \\server\share\webhook.txt

The above command will record a logon event for the currently logged on user to the log file and also to Teams.

Change Log

2020-03-12: Version 20.03.12 ‘Chick’

  • Added option to send an event to Microsoft Teams.
  • Refactored code.
  • Fully backwards compatible.

2019-09-28 v1.0

  • Initial public release.
Share on
Support the author with