I'm thinking of creating a logon tracking tool that would let you see every time a user has logged on and which computer they logged on to (because a lot of people keep asking me if I make such a tool already) but it is actually pretty difficult to get the relevant logon details. The only place this information gets stored is in the event logs of your DCs and only if you've got logon auditing enabled - but the events that get generated are pretty terrible to try and parse into a definitive "user X logged on to computer Y at this time" record.
There are other issues with this event log collection method as well (I've explained in more detail on my blog here) so I started considering writing an agent that would get pushed out to each workstation and could then locally track logons on each PC in real time as they happen and send the relevant data off to a service running on a central server. I've already written a proof of concept service that does that, and this gets around all of the problems with the DC event log collection method (as well as introducing some other benefits such as being able to track logoffs and the user locking/unlocking their PC as well).
However, I'm well aware that a lot of people wouldn't be too keen on the idea of having to push out an agent to each of their workstations and servers just to track logons. So I want to ask you guys if the requirement for an agent would completely put you off such a system or if its something you think you could tolerate if you were looking for a logon tracking system like this?
At the end of the day the tools I make are aimed at helping you guys so your opinions are very important to me, and even though I worked as an IT admin for several years I can't speak for everyone so I'm always keen to get as much feedback as possible from other IT admins when making my tools.
Oh and as always if I do make it then I'll be releasing a free edition as well - to be honest depending on how complex and powerful I end up making it, I might even just release it purely as a free tool.
Thanks :)
Chris