*****
To join, leave or search the confocal microscopy listserv, go to:
http://lists.umn.edu/cgi-bin/wa?A0=confocalmicroscopy
*****
I had previously written some AWK scripts to pull out all the needed logon/logoff information from a "Save Log File As…" export of the Security Log Events file from our Windows XP computers, but as noted in the post from March, Windows 7 Logfiles have very different structures, so the AWK scripts no longer work.
However, I have very recently been testing the PowerShell script at:
http://gallery.technet.microsoft.com/scriptcenter/Log-Parser-to-Identify-8aac36bd
(FYI Description of security events in Windows 7 at http://support.microsoft.com/kb/977519)
It seems to work quite well on Windows 7 (and probably on Windows XP as well), and when you choose the "Table" option when you run the script in PowerShell, it produces an onscreen table of all Logon and Logoff events (and not all the system and network logon/logoff events) that you can select and paste into a document; alternately, you can modify the script to produce a file output automatically when you run the script - and no need for any other additional AWK or other scripts.
Sorry for the long delay since the original post back in March, but have just been testing this recently and hope that this PowerShell script might still be useful to people.
--Bruce
*************************************************
Bruce A. Stanley, Ph.D.
Director, Scientific Programs
Section of Research Resources H093, Room C1734
Director, Mass Spectrometry and Proteomics Facility
Co-Director, CTSI Translational Technologies Core Services Unit (TTCSU)
Penn State College of Medicine
500 University Drive
Hershey, PA 17033-2390
Office/Lab: (717) 531-5329
FAX: (717) 531-0239
Email: [log in to unmask]
WEB page:
http://med.psu.edu/web/core/bruce-stanley-research
*************************************************
*****E-Mail Confidentiality Notice*****
This message (including any attachments) contains information intended for a specific individual(s) and purpose that may be privileged, confidential or otherwise protected from disclosure pursuant to applicable law. Any inappropriate use, distribution or copying of the message is strictly prohibited and may subject you to criminal or civil penalty. If you have received this transmission in error, please reply to the sender indicating this error and delete the transmission from your system immediately.
On Mar 20, 2013, at 11:46 AM, Valeria Berno <[log in to unmask]> wrote:
> *****
> To join, leave or search the confocal microscopy listserv, go to:
> http://lists.umn.edu/cgi-bin/wa?A0=confocalmicroscopy
> *****
>
> Dear all,
>
> this seems not to be a proper confocal question but I know your great expertise could help me in solve this as the IT couldn't.....
>
> I am trying to recover the informations of logins on 2 computers in our facility ( to compare the real usage of the system). Both computers run on Windows7 and the Event viewer I can visualize do not contain the information on the name of the user logged in. As for Login user the system gave to me the name of the computer and a $ close to that.
>
> I managed so far to have the Event viewer working on all the Windows XP systems, but it seems Windows7 works in a different way.
>
> Thanks in advance for all your useful replies.
>
> Valeria
>
> --
> Valeria Berno,PhD
> Microscopy Facility Manager
> MRC Centre for Regenerative Medicine
> SCRM building
> The University of Edinburgh
> Edinburgh bioQuarter
> 5 Little France Drive
> Edinburgh
> EH16 4UU
> Tel Office 0131 6519521
>
>
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
|
