[THIN] Re: Audit login/logoff for 1 user (Out of Office)

  • From: "Kevin Boatright" <BoatrKe1@xxxxxxxxxxxxxxxxxx>
  • To: "thin@xxxxxxxxxxxxx" <thin@xxxxxxxxxxxxx>, "Angela" <angela_smith9@xxxxxxxxxxx>
  • Date: Fri, 24 Oct 2014 23:10:57 -0400

I will be out of the office Friday Oct 24th.


>>> Angela <angela_smith9@xxxxxxxxxxx> 10/24/14 23:10 >>>


Does anyone know a
way to interrogate Event Viewer to get login/logoff details for a specific user
account (local account) in Windows 2008?.  I created a Custom View using a
XML filter in Event Viewer with the following: 


Id="0" Path="Security"> 

<Select Path="Security"> 



TimeCreated[timediff(@SystemTime) &lt;= 2592000000]] 


EventData[Data[@Name='TargetUserName'] and (Data='UserAccount')] 


EventData[Data[@Name='LogonType'] and (Data='10')]] 




This works for logon
info but cannot incorporate the logoff code as I get syntax errors.  Has
anyone performed this?  

"This electronic mail message contains information which may be confidential, 
privileged and protected from further disclosure. Such information relates to 
and is used for all purposes outlined in the statutes below, including Peer 
Review, Performance Improvement, Quality Assurance and Claims Management and 
Handling functions and/or Attorney-Client Communications. It is being produced 
within the scope of all Georgia and Federal laws governing record 
confidentiality, including (but not limited to) Official Code of Georgia 
Annotated Sections 31-7-15; 31-7-130; 31-7-131; 31-7-132; 31-7-133; 31-7-140; 
If you are not the intended recipient, please be aware that any disclosure, 
photocopying, distribution or use of the contents of the received information 
is prohibited. If you have received this e-mail in error, please reply to the 
sender immediately and permanently delete this message and all copies of it. 
Thank you.

Communication of electronic protected health information (ePHI) is protected 
under the Health Insurance Portability and Accountability Act (HIPAA) Act of 
1996. Electronic mail (e-mail) communication is not encrypted or secure. The 
HIPAA Security Rule allows for patients to initiate communication of personal 
health information over this medium and for providers to respond accordingly 
with the understanding that privacy of communication is not guaranteed."

For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:

Other related posts: