Really simple log on/off auditing utility
Logon Audit Utility can also be downloaded from:
Please consider supporting my work:
If you’d like to contact me, please leave a comment, send me a tweet or DM, or you can join my Discord server.
-Mike
Features and Requirements
- The utility is meant to be run on the client machine.
- It is ideally triggered as a logon/logoff script by a Group Policy.
- Any files that the script needs to access should be accessible from a client device.
- It can be used to log to a file, send to Teams, or both.
- The utility requires at least PowerShell 5.0.
This utility has been tested on Windows 10, Windows Server 2019 and Windows Server 2016.
Configuration
Here’s a list of all the command line switches and example configurations.
| Command Line Switch | Description | Example |
|---|---|---|
| -Logon | Use this option to log a log on event. | N/A |
| -Logoff | Use this option to log a log off event. | N/A |
| -Teams | The path to a txt file containing the webhook to your Teams instance. Use this option to send a configured event to teams as well as a log file. | \\server\share\webhook.txt |
| -L | The path to output the log file to. The file name will be Logon-Audit.log. Do not add a trailing \ backslash. | \\server\share |
Example
|
|
The above command will record a logon event for the currently logged on user to the log file and also to Teams.
Change Log
2020-03-12: Version 20.03.12 ‘Chick’
- Added option to send an event to Microsoft Teams.
- Refactored code.
- Fully backwards compatible.
2019-09-28 v1.0
- Initial public release.