Active Directory Logon Script

Hi,
for some time now we used batch script to log user logon to theirs domain computers. What we collected via this script was something like this:

Mon 02.01.2017., 7:55:06,64,user1,AD-PC1,Windows 7 or Server 2008R2,32 Bit
Mon 02.01.2017., 7:55:42,90,user2,AD-PC2,Windows 7 or Server 2008R2,64 Bit
Mon 02.01.2017., 7:55:46,51,user3,AD-PC3,Windows 7 or Server 2008R2,32 Bit
Mon 02.01.2017., 7:55:50,94,user4,AD-PC4,Windows 7 or Server 2008R2,64 Bit

But now (well not now, but some time ago) Powershell started to improve IT life.
So logon script that I use now on my domain is as follows:

$ipV4 = Test-Connection -ComputerName $env:ComputerName -Count 1  | Select -ExpandProperty IPV4Address

$Date = Get-Date -format “dd.MM.yyyy HH:mm”

$OutputFile = ‘UNC Path\logon.txt’

$TotalMemory = (Get-WMIObject -class Win32_PhysicalMemory |Measure-Object -Property capacity -Sum | % {[Math]::Round(($_.sum / 1GB),2)})
$String = $Date +”, “
$String += $env:UserName +”, “
$string += $env:ComputerName  +”, “
$string += $ipV4.IPAddressToString +”, “
$string += (Get-WmiObject -class Win32_OperatingSystem).Caption +”, “
$string += (Get-WmiObject -class Win32_OperatingSystem).OSArchitecture +”, “
$string += (Get-WmiObject CIM_ComputerSystem).Model+ ” (” + (Get-WmiObject CIM_ComputerSystem).SystemFamily + “) sn:” +(Get-WmiObject Win32_Bios).Serialnumber +”, “
$String += [string]$TotalMemory +”GB RAM, “
$String += “IE: ” + (Get-ItemProperty ‘HKLM:\Software\Microsoft\Internet Explorer’).SvcVersion
$string | Out-File $OutputFile –Append

And now we get full information who logged on, at what time, from what IP address and from what particular PC
Now collection looks like this:
29.09.2017 18:21, user1, AD-PC1, 10.10.10.1, Microsoft Windows 7 Professional , 32-bit, Model1 (Lenovo X230) sn:1111111, 4GB RAM, IE: 11.0.9600.18762
29.09.2017 18:36, user2, AD-PC2, 10.10.10.2, Microsoft Windows 7 Professional , 32-bit, Model2 (HP370 AIO) sn:11111112, 4GB RAM, IE: 11.0.9600.18762
29.09.2017 18:39, user1, AD-PC3, 10.10.10.3, Microsoft Windows 7 Enterprise , 64-bit, Model3 (XXXXXX) sn:1123141, 4GB RAM, IE: 11.0.9600.18762
I suggest you open the txt file with Notepad++ because it does not lock file for further write.

Good Luck!

Share with:

FacebookTwitterGoogleLinkedIn


Leave a Comment