|
WinAudit :: User Logon Statistics
|
User logon events are stored in the system's security log. If you wish to report this you need to ensure that
'Audit Account Logon Events', 'Audit Logon Events' and 'Audit System Events' are enabled in the Audit Policy.
The security log can grow very large and it is not uncommon for it to contain several hundred thousand
entries. Summarising this information may take some time to complete. Clearly, if the security log is
purged then no data can be reported. Requires Windows® NT4 or above. Accessing the security log may
require special privileges depending on the security policy in effect.
 User Account
The name of the logged on account, usually reported as Domain_Name\User_Name.
First Logon Timestamp
The first entry in the security log of when the user logged on. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.
Last Logon Timestamp
The last entry in the security log of when the user logged on. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.
Console Logons
The number of times the user logged on at the console. That is, an interactive logon at system's keyboard.
Remote Logons
The number of times the user logged on via a remote session such as remote desktop. Applicable to XP and newer.
Other Logons
The number of logons at neither the console nor from a remote computer. Examples of this are logons for a service, batch job or the machine account.
|
