The easiest way to do this is to turn on auditing for logons and logoffs. In Active Directory Users and Computers, open a Group Policy object (GPO) and navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy. Under Audit Logon Events, you can set the machine to log whenever a user attempts to log on to a system, either interactively or over the network. This will log failed as well as successful logons and logoffs.
This was first published in March 2003
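
Once the audit policy applies, the logons and logoffs land in each machine's Security event log. The PowerShell below is an added example, not part of the original answer: it tallies successes, failures and logoffs per user. It assumes the event IDs used by Windows Vista/Server 2008 and later (4624, 4625, 4634); the function names and sample events are constructed for illustration.

```powershell
# Added example. To confirm the policy is in effect on a machine first:
#   auditpol /get /category:"Logon/Logoff"
# Assumed event IDs (Vista / Server 2008+): 4624 logon, 4625 failed logon, 4634 logoff.

function ConvertFrom-LogonEventXml {
    param([Parameter(ValueFromPipeline)][string]$EventXml)
    process {
        $evt  = ([xml]$EventXml).Event
        $data = @{}
        # Read EventData by field name; positions differ between event IDs.
        foreach ($d in $evt.EventData.Data) { $data[$d.GetAttribute('Name')] = $d.InnerText }
        $id = [int]$evt.System['EventID'].InnerText
        [pscustomobject]@{
            Time      = [datetime]$evt.System['TimeCreated'].GetAttribute('SystemTime')
            Outcome   = switch ($id) { 4624 {'Success'} 4625 {'Failure'} 4634 {'Logoff'} default {"Other($id)"} }
            User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType = $data['LogonType']   # 2 = interactive, 3 = network
            Source    = $data['IpAddress']
        }
    }
}

# Constructed sample events (not real log data), trimmed to the fields read above.
# Real 4634 logoff events carry no IpAddress field; it is left empty here.
function New-SampleEvent($Id, $Time, $User, $Type, $Ip) {
@"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>$Id</EventID><TimeCreated SystemTime="$Time"/></System>
  <EventData>
    <Data Name="TargetUserName">$User</Data><Data Name="TargetDomainName">CORP</Data>
    <Data Name="LogonType">$Type</Data><Data Name="IpAddress">$Ip</Data>
  </EventData>
</Event>
"@
}

$sample = @(
    New-SampleEvent 4625 '2024-01-01T09:00:01Z' 'alice' 3 '192.0.2.10'
    New-SampleEvent 4625 '2024-01-01T09:00:03Z' 'alice' 3 '192.0.2.10'
    New-SampleEvent 4624 '2024-01-01T09:00:09Z' 'alice' 3 '192.0.2.10'
    New-SampleEvent 4634 '2024-01-01T09:30:00Z' 'alice' 3 ''
    New-SampleEvent 4624 '2024-01-01T10:00:00Z' 'bob'   2 '127.0.0.1'
)
# On a live system (elevated prompt), replace $sample with:
#   Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624,4625,4634} -MaxEvents 500 |
#       ForEach-Object { $_.ToXml() }
$sample | ConvertFrom-LogonEventXml |
    Group-Object User, Outcome |
    Select-Object Count, Name |
    Sort-Object Name
```

Several failures for one account followed by a success from the same source is the pattern worth a closer look when reviewing the output.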