Windows 10: How to Fetch login and logoff event's from Powershell and Event viewer's accurately without...

Discus and support How to Fetch login and logoff event's from Powershell and Event viewer's accurately without... in Windows 10 Software and Apps to solve the problem; I have tried to fetch the Windows user login session, when did he logged in and logged out I mean device lock and unlock i want to calculate the user... Discussion in 'Windows 10 Software and Apps' started by Rohit Kumar Endroju, Mar 19, 2025.

  1. ROHIT KUMAR ENDROJU
    Rohit Kumar Endroju Win User

    How to Fetch login and logoff event's from Powershell and Event viewer's accurately without...


    I have tried to fetch the Windows user login session, when did he logged in and logged out I mean device lock and unlock i want to calculate the user activity session's time for the user in a Windows device,when I tried to fetch the session using PowerShell script with the event's id 4624 for logon event and 4634 for the logoff event but I got duplicate and even a case/situation like suppose I lock the screen at 10:40 am and unlock the screen at 10:45 am then, when I checked the events I got login event correctly but at the same time I got logoff event as well.Please find the Powershell sc

    :)
     
    Rohit Kumar Endroju, Mar 19, 2025
    #1
  2. GEEDI STINGRATE
    Geedi Stingrate Win User

    Login/Logoff events with the same timestamp

    Hello

    When checking on a laptop, I can see multiple login/logoff events with the same timestamp (same hour, same minute, same second but a difference of milliseconds).

    What I was able to saw is that the TargetLogonID is the same, and when checking the PID of the process responsible for the logon/logoff, it leads me to the process lsass (responsible for the authentication process).

    When I try to WIN+L /Lock my screen, this is at the moment I unlock that I am getting the Logon+Logoff events at the same time.
    So in terms of process responsible etc... no anomalies

    Could you please help me understand what coold be the root cause of those login+logoff events at the same seconds?

    My device is Win10

    Thanks
     
    Geedi Stingrate, Mar 19, 2025
    #2
  3. TRY3
    Try3 Win User
    Event viewer

    I suggest you re-install the video driver. I'll add a few words of explanation about Event viewer in a moment. They won't affect the need to reinstall that driver as your first step. Denis
     
    Try3, Mar 19, 2025
    #3
  4. SPIKE47
    spike47 Win User

    How to Fetch login and logoff event's from Powershell and Event viewer's accurately without...

    Error in event viewer

    Hi

    I keep geting the following in the Event viewer ,
    The description for Event ID (4) in source ( SuperProServer ) cannot be found . the local computer may not have the necessary registry information or message DLL files to display message from a remote computer . You may be able to use /AUXSOURCE= flag to retrieve this description . The following information is part of the event, The event log file is corrupt .

    has anyone any ideas has to what this means .

    cheers
     
    spike47, Mar 19, 2025
    #4
Thema:

How to Fetch login and logoff event's from Powershell and Event viewer's accurately without...

Loading...

  1. How to Fetch login and logoff event's from Powershell and Event viewer's accurately without... - Similar Threads - Fetch login logoff

  2. Noticed Weird Powershell Logs in Event Viewer

    in Windows 10 Gaming
    Noticed Weird Powershell Logs in Event Viewer: So I happened to be looking at Event Viewer and I noticed these strange Powershell Logs, some of which have the Task Category "Execute a Remote Command". Does this look suspicious/malicious and what could I do to find out more about what Applications or Tasks are executing...

  3. Noticed Weird Powershell Logs in Event Viewer

    in Windows 10 Software and Apps
    Noticed Weird Powershell Logs in Event Viewer: So I happened to be looking at Event Viewer and I noticed these strange Powershell Logs, some of which have the Task Category "Execute a Remote Command". Does this look suspicious/malicious and what could I do to find out more about what Applications or Tasks are executing...

  4. How to Fetch login and logoff event's from Powershell and Event viewer's accurately without...

    in Windows 10 Gaming
    How to Fetch login and logoff event's from Powershell and Event viewer's accurately without...: I have tried to fetch the Windows user login session, when did he logged in and logged out I mean device lock and unlock i want to calculate the user activity session's time for the user in a Windows device,when I tried to fetch the session using PowerShell script with the...

  5. Bunch of powershell events came up from event viewer

    in Windows 10 Gaming
    Bunch of powershell events came up from event viewer: This is one of the events that I saw on one of our computers. Can someone please help me understand why I'm getting those events. Is powershell really trying to access the site http://lgbibzuehbz.top/1.php?s=527;iex ? The link is malicious when I checked from URL void and...

  6. Bunch of powershell events came up from event viewer

    in Windows 10 Software and Apps
    Bunch of powershell events came up from event viewer: This is one of the events that I saw on one of our computers. Can someone please help me understand why I'm getting those events. Is powershell really trying to access the site http://lgbibzuehbz.top/1.php?s=527;iex ? The link is malicious when I checked from URL void and...

  7. Login/Logoff events with the same timestamp

    in Windows 10 Gaming
    Login/Logoff events with the same timestamp: HelloWhen checking on a laptop, I can see multiple login/logoff events with the same timestamp same hour, same minute, same second but a difference of milliseconds.What I was able to saw is that the TargetLogonID is the same, and when checking the PID of the process...

  8. Login/Logoff events with the same timestamp

    in Windows 10 Software and Apps
    Login/Logoff events with the same timestamp: HelloWhen checking on a laptop, I can see multiple login/logoff events with the same timestamp same hour, same minute, same second but a difference of milliseconds.What I was able to saw is that the TargetLogonID is the same, and when checking the PID of the process...

  9. Login/Logoff events with the same timestamp

    in AntiVirus, Firewalls and System Security
    Login/Logoff events with the same timestamp: HelloWhen checking on a laptop, I can see multiple login/logoff events with the same timestamp same hour, same minute, same second but a difference of milliseconds.What I was able to saw is that the TargetLogonID is the same, and when checking the PID of the process...

  10. how to recover events deleted from event viewer

    in Windows 10 Customization
    how to recover events deleted from event viewer: Hi all, I mistakenly deleted events from event viewer "Clear log..." utility I have not a backup second mistake do you know if they are permanently deleted or is there a chance to recover them? a kind of bin? thanks Ale...