Link above shows how to view it fr Event Viewer logs but I'll need to extract & save it to a file
using a command in Task Scheduler (say a daily task) for audit purposes.
Does the PS script below extract from Event Viewer? Does it require admin rights to run?
I need to check for both AD as well as local accounts that login with the dates/time they login to a PC.
There's a tool below but I wanted to save into say a csv / text file, not view it from a GUI screen:
My GOAL ultimately:
I have a group of about 50 users whose AD Id are members of our domain groups "Payment Staff" as well as "Domain Users" : to be able to login to the sensitive payment PCs (about 15 of them), they need to be member of "Payment Staff" while for any other general PCs (to read emails, browse Internet etc), just being a member of "Domain Users" is enough.
Audit wants me to review the 50 users dormancy & dates/timings they login to the sensitive payment PCs, so is there any way I could assess if they have authenticated using the role that they're granted membership of "Payment Staff" ?? I'm not Wintel-trained so my request may sound odd.