Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Using Microsoft logon to determine absenteeism and late coming to work

Posted on 2007-10-17
Medium Priority
Last Modified: 2013-12-04
We have been directed by our human resources to use our systems to determine when staff resume for work and determine those who do not turnup at all for work.
We run microsft XP at our desktops and have active directory setup. we intend to use the logon time to determine this.. any ideas ?
Question by:oandosupport
  • 2
  • 2
LVL 26

Expert Comment

by:Farhan Kazi
ID: 20091806
Greeting Oandosupport,

Try following it will give users last login date with time.

Click Start -> Run -> Cmd.exe -> OK

FOR /F %u IN ('DSQuery * -Filter "(sAMAccountType=805306368)" -Attr samAccountName -Limit 0') DO @ECHO %u &@NET USER %u /Domain |FIND /I "Last logon"

To save results in file

FOR /F %u IN ('DSQuery * -Filter "(sAMAccountType=805306368)" -Attr samAccountName -Limit 0') DO @ECHO %u &@NET USER %u /Domain |FIND /I "Last logon" >>UsersLoginInfo.txt

Check 'UsersLoginInfo.txt' file

Hope this helps!
LVL 70

Accepted Solution

KCTS earned 500 total points
ID: 20091825
The user logon is recorded in the security log (assuming that auditing of logon events is enabled) and the username/time and machine are identified. Howerver there are several issues that you will need to overcome.

Firstly the logon events will be burried in the event log with loads of other stuff so you will have to do some serious filtering and/or exporting of the logs to another application - such as a database to anaylse them. You can easily export the log to a CSV file

Secondly, if you have multiple Domain Controllers the logon event could be on any one of them so you will need to pull the security events from them all - there is a utility called EventComb which can do this.

Alternativly there are add-ins that you can get/buy which will assist. Limitlogin http://www.thincomputing.net/newsitem296.html for example not only limits logins (if desired) but also produces some useful logs
LVL 70

Expert Comment

ID: 20091857
.. I forgot the link for eventcomb - http://support.microsoft.com/kb/308471
LVL 26

Expert Comment

by:Farhan Kazi
ID: 20211868
Any update Oandosupport?

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question