I have a group of about 50 users whose AD Id are members of 2 domain groups :
"Payment Staff" as well as "Domain Users" :
to be able to login to a group of sensitive payment PCs (about 15 of them), they need to be member of "Payment Staff" while for any other general PCs (to read emails, browse Internet etc), just being a member of "Domain Users" is enough.
Basically on the 15 PCs' local "Users" group, I've removed "Domain Users" & added "Payment Staff" to "Users" group to effect this control.
Audit wants me to review the 50 users dormancy & dates/timings they login to the sensitive payment PCs, so is there any way I could assess if they have authenticated using the role that they're granted membership of "Payment Staff" ?? I'm not Wintel-trained so my request may sound odd.
Is there any PowerShell command or tool to query the AD to get a list of the "MEPS Staff" users who login to the 15 PCs
(with date & time) by the criteria that they managed to login due to their "MEPS Staff" membership, while excluding those records where they login by the fact that they are members of "Domain Users" ??
Or this is something that I can only extract from the 15 PCs' event viewer logs ?? This decentralized method will mean more effort once the # of PCs group & have to send these decentralized logs to a common location for me to pick up