Author Posts

October 28, 2015 at 12:50 am

I have been tasked to monitor a users access to the system and as well as monitoring thier mailbox access (please see my other post) I have decided that monitring thier Direct Access activity will also assist with this goal.

So far all I have is the Get-RemoteAccessConnectionStatistics -StartDateTime Command, I would like the -StartDateTime value to be specified as the last 24hours previous to the time of the script being run. Also I intend to filter the results using the Where-Object Command and specifying the Username. I would also like the output of this to show the user's name and the various periods of time they have accessed the system showing a duration in HH/MM format as well as a date...

October 28, 2015 at 2:10 am

Sorry, I do not have a direct access server available to test this, however this should get you started:

Get-RemoteAccessConnectionStatistics -StartDateTime (Get-Date).AddHours(-24) | Where-Object UserName -eq "someUserName"

This will get the statistics for the last 24 hours for a specific user called "SomeUserName".

The object(s) returned from the cmdlet is:

For accounting statistics, the array of RemoteAccessConnection objects consists of the following properties. A separate instance of the object is outputted for every connection.
— The user name of the user logged in.
— The IPv4 address of the client computer.
— The IPv6 address of the client computer.
— The host name of the client computer.
— The internet-facing IP address of the client.
— The tunnel type: VPN tunnel or ESP tunnel for DA.
— The transition technology used in the DA connection: native IPv6, Teredo, IPHTTPS, Isatap, 6to4.
— The time stamp when the connection was setup.
— The time duration of connection.
— The total number of bytes received on the connection so far.
— The total number of bytes sent on the connection so far.
— The connection type: DA or VPN.
— The health status: Indicates the NAP health status.
— The authentication method used to authenticate the user and computer in VPN and DA.

October 28, 2015 at 2:45 am

Many thanks Tore – this was a massive step in the right direction, I just now need to amend the ConnectionDuration Value so it is displayed in HH:MM:SS rather than just seconds....

October 28, 2015 at 6:02 am

That should be easy if "The time duration of connection" is given in total seconds.


$ConnectionDurationsInSeconds = 3601 # one hour and one second

$TimeFormatted = [datetime]::MinValue.AddSeconds($connectionDurationsInSeconds).ToString("HH:mm:ss")

$RemoteAccessConnectionStatisticsObject | Add-Member -MemberType NoteProperty -Name Duration -Value $TimeFormatted

October 29, 2015 at 6:43 am

Many thanks, forgive me though I dont not understand how this will fit in with my current script;

[powershell]
$css = @"

table {
border-spacing: 0px;
border-collapse: collapse;
background: #FFFFFF;
border: 2px solid #000000;
font-family:arial;
}
table td {
text-align: left;
border: 0px;
border-bottom: 2px solid #000000;
border-left: 2px solid #000000;
padding: 0.1em 0.5em;
font-family:arial;
color: #000000
}
table th {
text-align: left;
font-weight: bold;
background-color: #712b91;
padding: 0.1em 0.5em;
color: #FFFFFF;
border: 2px solid #000000;
font-family:arial;
}

"@
Get-RemoteAccessConnectionStatistics -StartDateTime (get-date).Addhours(-24) | Where UserName -Eq fch\JoeBloggs | select UserName,ConnectionStartTime,ConnectionDuration | ConvertTo-Html -Head $css | Out-File \\ServerHostname\c$\DAAudit.html

October 29, 2015 at 6:59 am

Leon,

You can define a custom property in your select statement. Change this

select UserName,ConnectionStartTime,ConnectionDuration 

to this

Select UserName, ConnectionStartTime, @{ Label = "ConnectionDuration"; Expression = { ( New-TimeSpan -Seconds $_.ConnectionDuration ).ToString() } }

October 29, 2015 at 7:46 am

Many thanks for the help on this Guys!