Do not solve administrative problems by technical means.
A successful logon at 8:01 and logof at 17:59 does not guarantee sitting in classmates all day.
Yes, and a simple IP camera with a video recording server will cost 3000-5000 rubles (Trendnet works for a similar purpose, the bundled software can write an archive).
Well, if you really want to mess around, then:
1) put a script on the login and logout of the system (you can at least echo %username% %computername% %time% %date% logged on >> \\servername\share\logon.txt )
2 ) during operation, you can get logged in users on workstations, you can use a script via WMI, for example PowerShell, you can use www.softperfect.com/products/networkscanner/

Each domain controller has its own log, so the easiest and most correct way is
to write a PowerShell script that will write to one common log file somewhere on the network ball from the event system who logged into the network where in the console and who where and when gave the exit/reboot command /shutdown.
The second creak to write a simple parser with the calculation of the time difference.
But this does not negate the fact that, for example, technical support can log in on more than a dozen machines in a day, and a script hung via GPO on a login event will work on all machines in the domain.
But at the same time, this does not negate the fact that, for example, at my last job, despite all the prohibitions, half of the machines in the domain at the main office turned on on Monday morning and turned off (whether?) on Friday evening, and the workstations of half of the IT department employees rebooted only when applying next updates on the WSUS server.
It has already been said above that this does not negate the fact that the user turned on his PC at 8-59 and turned it off at 18-01, he will not do any garbage on his favorite site / solitaire and so on.
And it’s more logical to do time tracking systems at the checkpoint,

Well, the login/logout logs are available out of the box in the Active Directory domain controller. But as for the start of "work", it's not so simple. For example, you can take some keylogger and let it write logs to some network drive.