I want a script that collects all logons from the organization's computers and shows the last user logon and the user with the most access on each computer.
I run this script from a domain controller, but I only get the computer and the last logon; I don't have the last user logon or the frequency of logons.
Get-ADComputer -Filter * -Properties * | FT Name, LastLogonDate, user -Autosize
You can search the security event logs on a machine to get its last login.
$startDate = (Get-Date) - (New-TimeSpan -Days 7)
$UserLoginTypes = 2,7
Get-WinEvent -FilterHashtable @{Logname='Security';ID=4624;StartTime=$startDate} |
    Select-Object TimeCreated, @{N='Username'; E={$_.Properties[5].Value}}, @{N='LogonType'; E={$_.Properties[8].Value}} |
    Where-Object {$UserLoginTypes -contains $_.LogonType} |
    Sort-Object TimeCreated | Select-Object -Last 1
That will search the last 7 days for interactive logins or unlocks on the computer and return the most recent one.
Update to get most logged in:
$startDate = (Get-Date) - (New-TimeSpan -Days 7)
$UserLoginTypes = 2,7
Get-WinEvent -FilterHashtable @{Logname='Security';ID=4624;StartTime=$startDate} |
    Select-Object TimeCreated, @{N='Username'; E={$_.Properties[5].Value}}, @{N='LogonType'; E={$_.Properties[8].Value}} |
    Where-Object {$UserLoginTypes -contains $_.LogonType} |
    Group-Object UserName | Sort-Object Count | Select-Object -Last 1
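The answer's two queries combined and run once per computer, as an added example that is not part of the original answer. `Get-LogonSummary` is a hypothetical function name, and the filter on the `Window Manager` and `Font Driver Host` account domains is an added assumption that drops the built-in DWM-n/UMFD-n session accounts, which also record type 2 logons.

```powershell
# Added example: last and most frequent interactive user per computer.
# Get-LogonSummary is a hypothetical name, not an existing cmdlet.
function Get-LogonSummary {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [int]$Days = 7,
        [int[]]$LogonTypes = @(2, 7)   # 2 = interactive, 7 = unlock
    )
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-$Days) }
    # Assumption: exclude built-in desktop session accounts (DWM-n, UMFD-n).
    $systemDomains = 'Window Manager', 'Font Driver Host'

    foreach ($computer in $ComputerName) {
        try {
            # 4624 fields by position: [5] TargetUserName, [6] TargetDomainName, [8] LogonType
            $logons = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop |
                Where-Object {
                    $LogonTypes -contains $_.Properties[8].Value -and
                    $systemDomains -notcontains $_.Properties[6].Value
                } |
                Select-Object TimeCreated, @{ N = 'Username'; E = { $_.Properties[5].Value } }
        }
        catch {
            # Unreachable host, access denied, or no 4624 events in the window.
            [pscustomobject]@{
                Computer = $computer; LastUser = $null; LastLogon = $null
                TopUser = $null; TopUserLogons = 0; Error = $_.Exception.Message
            }
            continue
        }
        $last = $logons | Sort-Object TimeCreated | Select-Object -Last 1
        $top  = $logons | Group-Object Username | Sort-Object Count | Select-Object -Last 1
        [pscustomobject]@{
            Computer = $computer; LastUser = $last.Username; LastLogon = $last.TimeCreated
            TopUser = $top.Name; TopUserLogons = [int]$top.Count; Error = $null
        }
    }
}

# Local machine (run elevated so the Security log is readable):
Get-LogonSummary | Format-Table -AutoSize

# All enabled domain computers (requires the ActiveDirectory module):
# $names = (Get-ADComputer -Filter 'Enabled -eq $true').Name
# Get-LogonSummary -ComputerName $names | Format-Table -AutoSize
```

Remote queries need the account to have read access to each machine's Security log and the Remote Event Log Management firewall rules enabled on the target; machines that fail are reported in the `Error` column instead of stopping the run.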