<div>
Have a look at <a href="https://www.manageengine.com/products/active-directory-audit/monitor-user-logon-actions.html?lhs" rel="ugc">ADAudit Plus</a> for logon event monitoring and reporting. &nbsp;Have you <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events" rel="ugc">enabled auditing of the logon events</a> of interest?
</div>


<div>
Thanks but The think is that i cannot use any software so I am looking for solution that I will extract somehow
</div>


<div>
I have auditing enabled on the server.
</div>


<div>
What about PowerShell?<br />
<a href="https://filedb.experts-exchange.com/incoming/2018/10_w43/1396549/logonactivity.ps1.txt" target="_blank" class="file-inline" title="logonactivity.ps1.txt (14 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>logonactivity.ps1.txt</a>
</div>


logonactivity.ps1.txt

<div>
Yes I can use scripts, I setup this <a href="https://gallery.technet.microsoft.com/scriptcenter/Export-Windows-event-log-ecdfadfc" rel="ugc nofollow">https://gallery.technet.microsoft.com/scriptcenter/Export-Windows-event-log-ecdfadfc</a><br />
but &nbsp;excel does not show User ID name, the column is empty and I do not know why ?<br />
I am no good in the scripting so maybe anyone know what is wrong with the above script ? &nbsp;<br />
<br />
thank you
</div>


<div>
I've attached a working script above... just rename to <b>logonactivity.ps1 </b> and ensure you run powershell from an elevated privileged administrative command prompt.<br />
<br />

<pre><code class="code-1 nolinks" id="code-20-42716529-1"><span>powershell -ep bypass -file ./logonactivity.ps1</span>
</code></pre>
</div>


<div>
Hi &nbsp;thank you I will test it tomorrow
</div>


<div>
Hi Giovanni, <br />
<br />
Ok so I run this script but I got this error,please see below.<br />
<br />
File C:\temp\logonactivity.ps1 cannot be loaded. The file C:\temp\logonactivity.ps1 is not digitally signed. You cannot run this <br />
script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies <br />
at <a href="http://go.microsoft.com/fwlink/?LinkID=135170" rel="ugc">http://go.microsoft.com/fwlink/?LinkID=135170</a>.<br />
&nbsp; &nbsp; + CategoryInfo &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;: SecurityError: (:) [], ParentContainsErrorRecordE<wbr />xception<br />
&nbsp; &nbsp; + FullyQualifiedErrorId : UnauthorizedAccess
</div>


<div>
hi<br />
<br />
<br />
Now I got this error .<br />
<br />
Get-Eventlog : Requested registry access is not allowed.<br />
At C:\temp\logonactivity.ps1:<wbr />47 char:8<br />
+ $log = Get-Eventlog -LogName Security -ComputerName $hostname -after &nbsp;...<br />
+ &nbsp; &nbsp; &nbsp; &nbsp;~~~~~~~~~~~~~~~~~~~~~~~~~~<wbr />~~~~~~~~~~<wbr />~~~~~~~~~~<wbr />~~~~~~~~~~<wbr />~~~~~~<br />
&nbsp; &nbsp; + CategoryInfo &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;: NotSpecified: (:) [Get-EventLog], SecurityException<br />
&nbsp; &nbsp; + FullyQualifiedErrorId : System.Security.SecurityEx<wbr />ception,Mi<wbr />crosoft.Po<wbr />werShell.C<wbr />ommands.Ge<wbr />tEventLogC<wbr />ommand
</div>


<div>
Here are the steps you need to follow in order to successfully track user logon sessions using the event log: <a href="https://community.spiceworks.com/how_to/130398-how-to-track-user-logon-sessions-using-event-log" rel="ugc">https://community.spiceworks.com/how_to/130398-how-to-track-user-logon-sessions-using-event-log</a>
</div>


<div>
Thank you guys. Giovani I will open a new question if you can help me I would really &nbsp;appreciate that
</div>


<div>
<div class="content wysiwyg-content">
Hi guys, <br />
<br />
Could you help me to find solution to extract Windows Logins events ? I need to find solution to monitor this every one week<br />
<br />
Regularly check security logs for inordinate amounts of data LEAVING the network. Hint: it could be going to a bad guy. - How could I do this ? &nbsp;<br />
<br />
thank you<br />
M
</div>
</div>


Hi guys, 

Could you help me to find solution to extract Windows Logins events ? I need to find solution to monitor this every one week

Regularly check security logs for inordinate amounts of data LEAVING the network. Hint: it could be going to a bad guy. - How could I do this ?  

thank you
M

Windows Events monitoring

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.