I need to search my index to determine when a user physically logs on to our network. Event 4624 queries result in all logon events mainly Type 3. I need to report when 'Joe' sat down and logged in and when 'joe' logs out from his workstation Logon Type 2. Thanks
