Windows Server: logging users logon and logoff via PowerShell

You are planning a migration and you want to track and monitor for a few weeks when your server is being used the most?

  1. Open Windows PowerShell ISE ( or notepad ;-) )
  2. Add this PowerShell line below and save the script as monitorlogon.ps1
  3. "logon {0} {1} {2:yyyy-MM-dd HH:mm:ss}" -f $env:username, $env:computername, (Get-Date) >> logon.log
  4. Create another script file, add the PowerShell line below and save it as monitorlogoff.ps1
  5.  "logff {0} {1} {2:yyyy-MM-dd HH:mm:ss}" -f $env:username, $env:computername, (Get-Date) >> logoff.log
  6. Start the Logal Group Policy Editor ([Windows]+[r] > gpedit.msc)
  7. Navigate to [User Configuration] > [Windows Settings] > [Scripts (Logon/Logoff)]
  8. Double click on the [Logon] name
  9. Navigate to the [PowerShell Scripts] tabpage
  10. Click the [Add] button and select your monitorlogon.ps1 script.
  11. Optionally you can select the execution order, default is set to “Not configured”.
  12. Repeat again from step 6. for the Logoff script.

You can change the >> filename.log part to >> \\MyShare\filename.log.

If you want to do this on a Windows Server 2003 where you can’t run your PowerShell you will need to save the file as an *.cmd:

  1. Create a new file and call it monitorlogon.cmd
  2. Enter the line below and save the script as monitorlogon.cmd:
  3. echo logon %username% %computername% %date% %time% >> C:\logon.log
  4. Repeat this for monitorlogoff.cmd and adjust the script line.
  5. Follow the steps from the PowerShell script.
About these ads

3 thoughts on “Windows Server: logging users logon and logoff via PowerShell

      • Hi Milcho see the part “You can change the >> filename.log part to >> \\MyShare\filename.log.”

        so you can change the path of the filename.log to e.g. a central location on a server. Feel free to experiment with it. You could also search your computer for that specific file and find out where it is stored if you don’t adjust the path.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s