Windows 7 event forwarding
I'm looking into ways to track user login times (how long the login took as opposed to when they logged on) and I see Windows 7 does a very nice job of breaking this all out in the event logs for group policy. If I set up 13,000 PCs to forward their logons, what will that do to the server they are being sent to? I figure an average of 1-2 logons per computer per day. We get anywhere from 12,000 to 20,000 logons a day, and sometimes more than 530,000 a month. Can the event logs handle that volume and run a script to compile that into a database on the server, or should I be looking instead to write something on the local PC to parse through it and upload that to a database directly? Currently in the XP world, we use Script Logic to create tracefiles, and upload them to a central server to parse through and make reports on how long settings took to apply and what PCs and users need to be looked at for long logons that could take minutes to hours. I would like to move from Script Logic for Windows 7, but I need a way to duplicate this functionality.
August 6th, 2010 6:45pm

Hi,

Thanks for posting in Technet.

Generally we do not need to use any third party tools or reset the event log paths for startup logs. In Windows systems, the startup process will be recorded into the following log in Event Log:

Application and service logs/Microsoft/Windows/Diagnostics-Performance/Operational

Please check in particular the logs which have event ID 101. These are for boot performance monitoring.

When you want to view the event on a client computer from your computer, you can open mmc.exe in your system, and choose File->Add/Remove Snap-ins, choose Event Viewer and click the Add button. Then point to the client computer you would like to monitor. Then you will open the event logs on that computer and check the logs.

Arthur Xie
TechNet Subscriber Support in forum

If you have any feedback on our support, please contact tngfb@microsoft.com. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 9th, 2010 11:01am

Ok, so it's not recommended to forward those events then. Thanks, I will parse the scripts locally, since as far as I am aware, there is no Microsoft tool that could gather the amount of time logins took into one area for a chart or graph so you can track the historical average login time across different parts of the company and determine if parts took longer than they have been taking.

The event logs that you are pointing me to also may not be the ones I'm actually looking for. Event ID 101 for my computer pops up as Outlook or other applications taking too long to load. ID 100 is closer to what I'm interested in with its Boot Duration timer, but is that for the computer from the time it's turned on until the login screen, from the login screen until the desktop is released to the user, or from when it's turned on until it is released?

From digging around, another log I found to be close to what I'm looking for is the group policy log, with event ID 8001 saying how long the user logon policy processing took, although I understand that is just for the Group Policy part of it.
August 9th, 2010 4:04pm

Hi,

You are correct. The event ID 100 is the required log for startup troubleshooting. It records the time from power on until the logon process finishes and all startup programs start.
August 10th, 2010 10:23am

This topic is archived. No further replies will be accepted.
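The local-parsing approach discussed in the thread, as an added example that is not part of any post: a PowerShell script that reads event ID 100 from the Diagnostics-Performance log and event ID 8001 from the Group Policy log and flattens each event's named data fields into CSV rows for upload. The Group Policy channel name, the output path and the per-log cap are assumptions; field names are read from each event rather than hard-coded.

```powershell
# Added example: gather boot-duration (ID 100) and user-logon policy (ID 8001)
# events on the local PC and flatten them to CSV for upload to a central store.
$OutFile   = Join-Path $env:TEMP 'logon-timing.csv'   # hypothetical output path
$MaxPerLog = 50                                       # assumed cap per log

$sources = @(
    @{ LogName = 'Microsoft-Windows-Diagnostics-Performance/Operational'; Id = 100 },
    @{ LogName = 'Microsoft-Windows-GroupPolicy/Operational';             Id = 8001 }
)

# Turn one event record into one row per named <Data> field in its XML.
function ConvertTo-TimingRow {
    param($Record)
    $xml = [xml]$Record.ToXml()
    foreach ($d in $xml.GetElementsByTagName('Data')) {
        $name = $d.GetAttribute('Name')
        if (-not $name) { continue }          # skip unnamed payload entries
        New-Object PSObject -Property @{
            Computer    = $Record.MachineName
            Log         = $Record.LogName
            EventId     = $Record.Id
            TimeCreated = $Record.TimeCreated.ToString('s')
            Field       = $name
            Value       = $d.InnerText
        }
    }
}

$rows = foreach ($s in $sources) {
    # Get-WinEvent raises an error when a log has no matching events,
    # so suppress it and let the loop continue with the next log.
    Get-WinEvent -FilterHashtable $s -MaxEvents $MaxPerLog -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertTo-TimingRow $_ }
}

if ($rows) {
    $rows |
        Select-Object Computer, Log, EventId, TimeCreated, Field, Value |
        Export-Csv -Path $OutFile -NoTypeInformation
    Write-Output "Wrote $(@($rows).Count) rows to $OutFile"
} else {
    Write-Warning 'No matching events found in either log.'
}
```

Each row carries the computer name and timestamp, so rows from many PCs can be loaded into one table and averaged per site or per field.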
