PowerShell version 2 script to parse a comma delimited log file created by logon and logoff scripts. For a specified user the script outputs any computers the user has logged into, but has not yet logged out of. The script outputs the username, the computer names, and the date and time when the user logged into each computer. The log file is created by logon and logoff scripts configured in Group Policy. Each of these scripts appends a line to a shared log file. The logon script can be as simple as the following batch file:
@echo off
echo Logon,%date%,%time%,%computername%,%username%>> \\Server\Share\Users.log
The logoff script can be similar to the following batch file:
@echo off
echo Logoff,%date%,%time%,%computername%,%username%>> \\Server\Share\Users.log
All users need write permission for the log file. Before using the script, update the path and filename of your log file in the script, if necessary. This PowerShell script assumes that the fields in the resulting log file are comma delimited. There can be more than 5 fields, but the first 5 should be:
"logon" or "logoff",date,time,computername, username
There should be no header line. For example, the log file could be similar to the following:
Logon,Tue 06/26/2018,07:43:26.22,WKSTA008,jsmith
Logon,Tue 06/26/2018,07:55:05.63,WKSTA017,kwilliams
Logoff,Tue 06/26/2018,14:27:33.72,WKSTA017,kwilliams
Logon,Tue 06/26/2018,14:46:14.44,WKSTA003,mjohnson
Logoff,Tue 06/26/2018,15:21:44.60,WKSTA008,jsmith
Logon,Wed 06/27/2018,08:04:52.18,WKSTA004,mjohnson
Logon,Wed 06/27/2018,08:49:06.01,WKSTA008,jsmith
This script accepts a user logon name (the sAMAccountName) as a parameter, or the script will prompt for the user logon name. The script output is displayed at the console. The output cannot be redirected to a text file (because of the use of the Write-Host cmdlet, which allows colorization of the output). The command to run this script at a PowerShell prompt could be similar to:
.\FindUser.ps1 jsmith
The script outputs information similar to the following at the console:
PS c:\Scripts> .\FindUser.ps1
Enter user logon name (sAMAccountName): jsmith
User jsmith logged in at computer: WKSTA008
Logon Time: Wed 06/27/2018 08:49:06.01
PS c:\Scripts> .\FindUser.ps1 kwilliams
User kwilliams not currently logged in
PS c:\Scripts> .\FindUser.ps1 mjohnson
User mjohnson logged in at computer: WKSTA004
Logon Time: Wed 06/27/2018 08:04:52.18
User mjohnson logged in at computer: WKSTA003
Logon Time: Tue 06/26/2018 14:46:14.44
In the command session above, the PowerShell script FindUser.ps1 was run three times to find the computers three different users are currently logged into. The first time, the script prompts for the user sAMAccountName. The next two times a user sAMAccountName is passed as a parameter.
FindUser.txt <<-- Click here to view or download the program