Hello,
We have users travelling all over the state logging into different machines in different VPN offices in our '03 AD domain. At times I have been asked to get things like the Internet History for a certain user. Since they can log onto any machine in the state this can become time consuming and difficult. (At least for me with my limited knowledge.) I have been trying to figure out a way to easily list which computers a user has logged onto.
What I have come up with is using logon/logoff scripts which write small files to a dropbox folder. The filename includes an action like logon, logoff and the computername and username. (ie This info is also written in the file along with the time.) Using get-childitem with a custom filter can easily get me a history of which computers a user has logged onto as well as a history of who all has logged onto a certain machine and when. I also can get a restart history report for any machine by adding startup/shutdown scripts. I finally pipe this to FT for a nice usage report.
I understand that this information can be gleaned from logfiles but parsing through all the logfiles on all the individual machines just seems wrong. Is there another way to easily and quickly get the kind of information I need? Is it hidden on a DC someplace? We are tracking object access so my security logs are huge and don't hold the 3 month history that I desire.
Michael
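
A sketch of the marker-file approach described in the post, added here as an example and not the poster's own script. The share path, the function names `Write-UsageMarker` and `Get-UsageHistory`, the file name layout and the `|` field separator are all assumptions.

```powershell
# Added example. Assumed: share path, function names, file name layout
# <action>_<computer>_<user>_<timestamp>.txt and '|' as the field separator.
$DropBox = '\\fileserver\usage$'   # placeholder UNC path

function Write-UsageMarker {
    # Call from the logon/logoff (or startup/shutdown) script.
    param(
        [ValidateSet('logon','logoff','startup','shutdown')][string]$Action,
        [string]$Path = $DropBox
    )
    $now  = Get-Date
    $name = '{0}_{1}_{2}_{3:yyyyMMdd-HHmmss}.txt' -f $Action, $env:COMPUTERNAME, $env:USERNAME, $now
    # '|' cannot occur in a computer name or sAMAccountName, so the record splits cleanly.
    $record = ($Action, $env:COMPUTERNAME, $env:USERNAME, $now.ToString('s')) -join '|'
    Set-Content -LiteralPath (Join-Path $Path $name) -Value $record
}

function Get-UsageHistory {
    param(
        [string]$User = '*', [string]$Computer = '*', [string]$Action = '*',
        [string]$Path = $DropBox
    )
    # -Filter narrows the listing; the record inside each file is then checked,
    # because names containing '_' make the file name alone ambiguous.
    Get-ChildItem -Path $Path -Filter "${Action}_${Computer}_${User}_*.txt" |
        ForEach-Object {
            $f = (Get-Content -LiteralPath $_.FullName -TotalCount 1) -split '\|'
            if ($f.Count -eq 4) {   # skip empty or malformed marker files
                [pscustomobject]@{
                    Time     = [datetime]$f[3]   # client clock at write time
                    Action   = $f[0]
                    Computer = $f[1]
                    User     = $f[2]
                }
            }
        } |
        Where-Object {
            $_.User -like $User -and $_.Computer -like $Computer -and $_.Action -like $Action
        } |
        Sort-Object Time
}

# Logon script:   Write-UsageMarker -Action logon
# Per-user view:  Get-UsageHistory -User jsmith | Format-Table -AutoSize
# Per-machine:    Get-UsageHistory -Computer OFFICE-PC01 | Format-Table -AutoSize
```

Because every user writes to the drop folder, its ACL should let them create files but not modify, delete or list existing ones; otherwise the history can be altered by the people it records.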