Using Microsoft logon to determine absenteeism and late coming to work

Posted on 2007-10-17
Last Modified: 2013-12-04
We have been directed by our human resources to use our systems to determine when staff resume for work and determine those who do not turnup at all for work.
We run microsft XP at our desktops and have active directory setup. we intend to use the logon time to determine this.. any ideas ?
Question by:oandosupport
    LVL 26

    Expert Comment

    Greeting Oandosupport,

    Try following it will give users last login date with time.

    Click Start -> Run -> Cmd.exe -> OK

    FOR /F %u IN ('DSQuery * -Filter "(sAMAccountType=805306368)" -Attr samAccountName -Limit 0') DO @ECHO %u &@NET USER %u /Domain |FIND /I "Last logon"

    To save results in file

    FOR /F %u IN ('DSQuery * -Filter "(sAMAccountType=805306368)" -Attr samAccountName -Limit 0') DO @ECHO %u &@NET USER %u /Domain |FIND /I "Last logon" >>UsersLoginInfo.txt

    Check 'UsersLoginInfo.txt' file

    Hope this helps!
    LVL 70

    Accepted Solution

    The user logon is recorded in the security log (assuming that auditing of logon events is enabled) and the username/time and machine are identified. Howerver there are several issues that you will need to overcome.

    Firstly the logon events will be burried in the event log with loads of other stuff so you will have to do some serious filtering and/or exporting of the logs to another application - such as a database to anaylse them. You can easily export the log to a CSV file

    Secondly, if you have multiple Domain Controllers the logon event could be on any one of them so you will need to pull the security events from them all - there is a utility called EventComb which can do this.

    Alternativly there are add-ins that you can get/buy which will assist. Limitlogin for example not only limits logins (if desired) but also produces some useful logs
    LVL 70

    Expert Comment

    .. I forgot the link for eventcomb -
    LVL 26

    Expert Comment

    Any update Oandosupport?

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Article by: btan
    The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
    Learn about cloud computing and its benefits for small business owners.
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now