Overblog
Editer l'article Suivre ce blog Administration + Créer mon blog

[powershell] get list of logon/logoff of logged user or another on this computer

Publié le par damcuvelier

<script>.ps1 without param -> for the logged user

<script>.ps1 -user toto -> for the user toto

 

Param([Parameter(Mandatory=$false)][string]$usr)
if(($usr)){$usr = $env:username}
$Results = @()

$logs = Get-WinEvent -LogName Security| Where-Object {$_.ID -eq 4634 -or $_.ID -eq 4624}

ForEach ($log in $logs)
{
if($log.Id -eq 4634){$type="SessionStop";$username=$log.Properties[1].Value;}
Else{$type="SessionStart";$username=$log.Properties[5].Value;}

if ($username -ne "") {$Results += New-Object PSObject -Property @{"Time" = $log.TimeCreated; "Event" = $type; "User" = $username};}
}

$Results | Where-Object {$_.User -contains $usr}

 

Commenter cet article

Retour à l'accueil