Measure 'Idle' time between CTRL-ALT-DEL and user typing in password and loging on -Windows 7

Question

Windows 7 has the built in 'Boot Performance Diagnostics' and judging by the numerous reboots i've done, it does generate every now and then a detailed log on the user's login process and possible slowness.

That is not good enough for what I'm after though.

I want to measure EVERY Boot on a given machine.

There is little information however available on how to force it, except fiddling with registry keys that are System Protected so you don't tamper with them.

Some of the information can be found in the eventlogs so i switched to tracing the eventid 12

$yesterday = (get-date) - (New-TimeSpan -day 2)
$startuplog= Get-WinEvent  -FilterHashTable @{LogName='System'; ID=12;
StartTime=$yesterday} -ErrorAction SilentlyContinue 

But does anyone know how one can measure when the system was ready (ctrl-alt-del) and when the user hit the enter button after typing in the password? Is there a flag that can be set to raise such an event in a (diagnostics) event log?

Answer 1

You can compare the power state timestamp to the "Last Interactive Logon" feature of AD DS. That feature requires a domain functional level (DFF) of Windows Server 2008 r2 to work and workstation infrastructure of windows vista or later. The "msDS-LastSuccessfulInteractiveLogonTime" attribute is what you want. It's the time stamp of the last successful interactive logon (ctrl+alt+del).

To enable Last Interactive Logon on your domain:

http://technet.microsoft.com/en-us/library/dd446680(v=ws.10).aspx

Command to query attribute:

$Computer = 'hostname'
Get-ADComputer -Filter "name -eq $Computer" -Properties * | Select msDS-LastSuccessfulInteractiveLogonTime

P.S. Try to get away from using "-ErrorAction". In it's place, use Try/Catch/Finally code blocks. http://blogs.technet.com/b/heyscriptingguy/archive/2010/03/11/hey-scripting-guy-march-11-2010.aspx