This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Total user Logons for an Asset

MarkG1125
Engaged Sweeper

‎11-30-2022 08:08 PM - last edited on ‎04-01-2024 12:28 PM by Community Manager

Is there a way to run a report that show how many times a user logs onto an asset over a period of time?

This would include unlocking their computer/asset.  How many time they had to log back on to a PC after their account was locked after machine inactivity.

Would like to see the Username and Asset.

 

Labels:
0 Kudos
4 REPLIES 4
Hendrik_VE
Champion Sweeper III

‎12-01-2022 09:40 AM

Alternatively, if for example you only need this kind of information very sporadically, you could write your own powershell script that queries the security eventlog for ID 4800 & 4801. Store the result from this query in a custom event (using the 'eventcreate' command) and create an LS report on this specific event.

We use this approach regularly eg. to check on unofficial hotspot usage, vulnerable files, large files/folders, etc....

rom
Champion Sweeper III
In response to Hendrik_VE

‎12-01-2022 01:21 PM

Man I totally go down rabbitt holes, sorry!  Hendricks is way better, I did that in the past, I don't know why I didn't think of that.  You can make a scheduled task to run the powershell commands, have it create a critical event so Lansweeper picks it up... make the frequency that you want, export the task as XML file... deploy it alongside the command to import it (i just use the command line command) and viola.  I would give you the command but I'm on my phone.  Ignore my other stuff as that's me going on a tangent.  I still recommend an active directory monitoring solution though.

0 Kudos
rom
Champion Sweeper III

‎11-30-2022 11:46 PM

Lansweeper is a as-requested or as-scheduled scanner, and it captures a point-in-time of the scan - i.e. if a user is logged on, it updates the user information as being logged on.  So, if user B logs on later after the scan, it won't capture that unless user B is still logged on during the next scheduled scan.

Lansweeper does have the ability to scan event logs though, and the user logins/logoffs and locks/unlocks of computers are stored in the security event log...  however, unfortunately you have to enable auditing on the security event log, which will increase the local event log sizes -  and, you will have to tell lansweeper to collect event log entries for type = informational - which will also increase the database size (event logs table) in Lansweeper. 

If you have a really small environment, you could probably get away with this.  If larger, you will probably slow down lansweeper and bloat the event log table considerably.  I think they warn you if you turn those on in the GUI.

For what its worth -  a reference is here:  https://stackoverflow.com/questions/11385164/eventviewer-eventid-for-lock-and-unlock

I would recommend using an active directory auditor/monitor such as ADAudit. 

You could make a report on the asset + users and logon counts (though this not granular like I mentioned above) but it gives you a rough idea...   reference:  https://community.lansweeper.com/t5/forum/report-on-user-logins-multiple-assets/m-p/30329

-Rom

MarkG1125
Engaged Sweeper
In response to rom

‎11-30-2022 11:55 PM

Very much appreciated!

0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now