Hi,
for some time now we used batch script to log user logon to theirs domain computers. What we collected via this script was something like this:
Mon 02.01.2017., 7:55:06,64,user1,AD-PC1,Windows 7 or Server 2008R2,32 Bit
Mon 02.01.2017., 7:55:42,90,user2,AD-PC2,Windows 7 or Server 2008R2,64 Bit
Mon 02.01.2017., 7:55:46,51,user3,AD-PC3,Windows 7 or Server 2008R2,32 Bit
Mon 02.01.2017., 7:55:50,94,user4,AD-PC4,Windows 7 or Server 2008R2,64 Bit
But now (well not now, but some time ago) Powershell started to improve IT life.
So logon script that I use now on my domain is as follows:
$ipV4 = Test-Connection -ComputerName $env:ComputerName -Count 1 | Select -ExpandProperty IPV4Address
$Date = Get-Date -format “dd.MM.yyyy HH:mm”
$OutputFile = ‘UNC Path\logon.txt’
$TotalMemory = (Get-WMIObject -class Win32_PhysicalMemory |Measure-Object -Property capacity -Sum | % {[Math]::Round(($_.sum / 1GB),2)})
$String = $Date +”, “
$String += $env:UserName +”, “
$string += $env:ComputerName +”, “
$string += $ipV4.IPAddressToString +”, “
$string += (Get-WmiObject -class Win32_OperatingSystem).Caption +”, “
$string += (Get-WmiObject -class Win32_OperatingSystem).OSArchitecture +”, “
$string += (Get-WmiObject CIM_ComputerSystem).Model+ ” (” + (Get-WmiObject CIM_ComputerSystem).SystemFamily + “) sn:” +(Get-WmiObject Win32_Bios).Serialnumber +”, “
$String += [string]$TotalMemory +”GB RAM, “
$String += “IE: ” + (Get-ItemProperty ‘HKLM:\Software\Microsoft\Internet Explorer’).SvcVersion
$string | Out-File $OutputFile –Append
And now we get full information who logged on, at what time, from what IP address and from what particular PC
Now collection looks like this:
29.09.2017 18:21, user1, AD-PC1, 10.10.10.1, Microsoft Windows 7 Professional , 32-bit, Model1 (Lenovo X230) sn:1111111, 4GB RAM, IE: 11.0.9600.18762
29.09.2017 18:36, user2, AD-PC2, 10.10.10.2, Microsoft Windows 7 Professional , 32-bit, Model2 (HP370 AIO) sn:11111112, 4GB RAM, IE: 11.0.9600.18762
29.09.2017 18:39, user1, AD-PC3, 10.10.10.3, Microsoft Windows 7 Enterprise , 64-bit, Model3 (XXXXXX) sn:1123141, 4GB RAM, IE: 11.0.9600.18762
I suggest you open the txt file with Notepad++ because it does not lock file for further write.
Good Luck!
