Registration Discovery and PowerShell Registration

Question

Registration Discovery and PowerShell Registration

How to determine if a user has been turned on or off from a Windows system (preferably working with win7, vista or XP) using powershell?

I want to register the date and time of each entry and exit of the car.

Thank you in advance

+5

logging powershell

Artur carvalho Mar 2 '11 at 19:06

source share

2 answers

Windows "Winlogon". , powershell, , , .

+1

Marc B 02 . '11 19:13

Jasonmarcher · Accepted Answer · 2011-03-03T20:29:31+0000

You can get this information from the event log:

Get-EventLog System -Source Microsoft-Windows-Winlogon

Logron has an InstanceId of 7001, logffs has 7002. The user account is the SID in ResplacementStrings.

Here is another useful code for you.

$UserProperty = @{n="User";e={(New-Object System.Security.Principal.SecurityIdentifier $_.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])}}
$TypeProperty = @{n="Action";e={if($_.EventID -eq 7001) {"Logon"} else {"Logoff"}}}
$TimeProeprty = @{n="Time";e={$_.TimeGenerated}}
Get-EventLog System -Source Microsoft-Windows-Winlogon | select $UserProperty,$TypeProperty,$TimeProeprty

You can also receive these events from a remote computer by adding the "-ComputerName" parameter to the Get-EventLog.

Registration Discovery and PowerShell Registration

More articles: