NTLast from FoundStone is a simple security auditing command line tool for Windows specifically targeted for serious security and IIS administration. Scheduled review of your NT event logs is critical for your network. A server breach can be uncovered by regular system auditing. Identifying and tracking who has gained access to your system, then documenting the details is now made easier with NTLast. This tool is able to quickly report on the status of IIS users, as well as filter out web server logons from console logons. NTLast can distinguish between remote and interactive logons and match Logon/Logoff times.
While NTLast is designed for Windows NT, it is a Win32 command line tool which works perfectly on Windows 2000, Windows XP and Windows 2003. NTLast can be run on the local system or on a remote system which has the Audit Logging enabled and the user running the command has Administrator privileges.