How to tell who has been logging in to a Windows 7 PC on an SBS 2008 Domain

Posted on 2012-09-04
Last Modified: 2012-09-04
Hey guys,

How can I tell what users have been logging onto a workstation? The owner of a company is saying there's a different user name as his last logged in user each morning he gets in. I need to find out exactly who that is and what time it's occurring...
Windows 7 Pro connected to SBS 2008 Domain.

Question by:optimus_nz
    LVL 77

    Accepted Solution

    Micorosft has a tool psloggedon that will tell you IS logged on but not who WAS logged on:

    We usually add the following scrippt to the all users logon script  to create a log file. It would give you UserName, ComputerName, date and time, in a simple single line, followed by the IP from which they connected, if needed. If you wish to know logoff times as well, you can add the same lines to a log off script in group policy (if you don't already have one: User Configuration | Windows settings | Scripts | Logoff). You likely won’t need the last line (IP address) in the log off script.

    As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:
    Log File

    Log On:  jdoe SERVER1  Tue 1/1/2007   9:01
      TCP        ESTABLISHED

    Log Off: jdoe SERVER1  Tue 1/1/2007   9:31

    Log On:  jsmith SERVER2  Tue 1/1/2007   11:00
      TCP        ESTABLISHED

    Log Off: jsmith SERVER1  Tue 1/1/2007   11:30

    If Exist "\\Server\Logs\LogOns.Log" GoTo START
    Echo Log File > "\\Server\Logs\LogOns.Log"
    Echo. >> "\\Server\Logs\LogOns.Log"
    Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,16%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
    netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"

    Note the users will need to have read/write and execute permissions for the \\Server\Logs\LogOns.Log  file.

    Author Comment

    Perfect. Thanks!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Hi Friends, These registry tweaks will help you optimizing your Windows 7 system for any VDI. This will improve the machine performanance and can be used on normal systems also. These are few registry tweaks which will add value by enhancing the …
    Article by: Lee
    Windows 7 Ultimate and Enterprise (and 2008 R2) introduced a new feature you may not be aware of - Boot from VHD.   Boot from VHD (or what Microsoft refers to asNative Boot allows you to install Windows to a VHD (Virtual Hard Disk) file that is t…
    This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
    This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now