Here's something i came up with to find when users are logging on and off of their machines.
First we need to create a powershell script to find the actual info (i wish i wrote this, found it on the internet):
$UserProperty = @{n="User";e={(New-Object System.Security.Principal.SecurityIdentifier $_.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])}}
$TypeProperty = @{n="Action";e={if($_.EventID -eq 7001) {"Logon"} else {"Logoff"}}}
$TimeProeprty = @{n="Time";e={$_.TimeGenerated}}
Get-EventLog System -Source Microsoft-Windows-Winlogon | select $UserProperty,$TypeProperty,$TimeProeprty
Save this as "get_logon_logoff.ps1"
Next create a new script in the K1000.
Script type = Shell Script.
Upload the ps1 file as a dependency for the script.
Enter this for this script text.
IF NOT EXIST C:\windows\tvg (
mkdir c:\windows\tvg
)
powershell.exe -nologo -executionpolicy bypass -WindowStyle hidden -noprofile -file get_logon_logoff.ps1 > c:\windows\tvg\log.txt
Also make sure you change the script name from script.sh to script.bat.
Run this script on your test machine.
Next to actually see the information we'll create a custom inventory rule.
I called mine "Log on / Log off", but it doesn't really matter.
Whats important is the rule syntax:
ShellCommandTextReturn(cmd.exe /c type c:\windows\tvg\log.txt)
This is what it looks like when we're all done.
I hope this helps and you guys like it!
**post edit, in the script text there should only be one ">" instead of 2 (">>"). I corrected in the code but not the pic.
Also, is there a better way to prevent the CMD screen from flashing? I know some users that would notice this right away. - dugullett 12 years ago
$d = [DateTime]::Today.AddDays(-45);
Then change the last line to something like this:
Get-EventLog System -Source Microsoft-Windows-Winlogon -After $d
As for hiding the Window, nothing i've found yet.... If anybody has any ideas that would be much appreciated. - dchristian 12 years ago
I use this
http://www.f2ko.de/programs.php?lang=en&pid=b2e - andibogard 12 years ago
Display Name = "Whatever"
Be sure to select the supported operating systems.
In this case he used "ShellCommandTextReturn(cmd.exe /c type c:\windows\tvg\log.txt)" under custom inventory rule. This will get the output of the text file and output to the custom fields under your computer inventory. After an inventory update.
It can also be used for registry entries. It comes in handy when reporting. - dugullett 12 years ago
In the script configuration,
Do you Run as local system?
Do you Schedule it to run? - ohiosoundguy 12 years ago
tested and it works - burtono 11 years ago