Active Directory

How can I intercept user authorization actions on a computer (Win + L) in an AD domain?

Good afternoon, there is an intranet network with Active Directory.
Interested in such a question, is it possible to somehow receive and save information, as it were, about the current state of the user.
Namely, for example, let's say there is a database with an activity table in which, let's say, there are columns: PC_NAME;LOGIN;LAST_LOCK;LAST_ACCESS;LAST_LOGIN;LAST_LOGOUT; (the last 4 is a date field)
And maybe it’s possible at the policy level, with a script or something similar, but the point is.
When a computer / user is online for the first time and logs in for the first time under his login, it turns out that a line appears in the database with the computer name, user login and the LAST_LOGIN field (and probably also LAST_ACCESS right away)
Then he works, pressed Win + L, or left and the computer itself locked itself after 15 minutes, then the line created earlier is updated and the value of LAST_LOCK appears.
It returns again, enters again, the LAST_ACCESS field is updated
Worked, went home - turns off the computer => LAST_LOGOUT