I am currently trying to figure out how to view a users login history to a specific machine. This command is meant to be ran locally to view how long consultant spends logged into a server.
I currently only have knowledge to this command that pulls the full EventLog but I need to filter it so it can display per-user or a specific user.
Get-EventLog System -Source Microsoft-Windows-WinLogon -After (Get-Date).AddDays(-5) -ComputerName $env:computername
Best Answer
Going off of the discussion in the comments, you can search the Event Log using Powershell.
Get-EventLog
allows you to access the Event Log, specifically the Security logsWhere-Object
specifies that you want any records that are newer than the provided dateWhere-Object
specifies the two Event IDs you're interested inSelect-Object
lets us only return columns we're interested having in the outputYou will likely need to run this from an elevated instance of Powershell since this is accessing the Windows registry.