Hi Victor,
If the previous posting was a bit heavy duty for you (I know it was for me),
you might like to check out this link:
http://www.eggheadcafe.com/software/aspnet/29370104/lastlogon-attribute.aspx
To sum it up .. there is not to my knowledge, any Group Policy that can do
what you want. The last logon date/time stamp for each user is stored on
each individual Domain Controller in AD as a NON-REPLICATED value (ie .. the
date/time stamp will be different depending on which DC is being queried).
To get the true last logon date of any user, you'll need to query all DCs. I
wrote a script a few years back to do just that, but it clunky. The script
available off the link above is probably much more sophisicated since it
looks like it was written by an MVP. I haven't looked at it myself, but
it'll probably do what you're looking for.\ with a bit of customisation for
your exact scenario.
Cheers
JediK9
PS - There is a wealth of info in Technet and KB Articles about the way AD
stores the last logon date/time stamp. If you're interested in delving
through the in's and out's of this stuff you won't be disappointed.