Hi guys
Is there a tool or script or some other way of knowing what computer name a specific user is currently logged on to? Or even was logged on to?
Say the user "HRDrone" is working on his machine whose hostname is "HRStation01".
I, sitting at my sysadmin desk, only know that the username is "HRDrone". Any way i can find out that he is logged on to "HRStation01" without asking the user? AD event viewer? anything?
Thanks!
-
There is a great Sysinternals utility that will do just this for you - PsLoggedOn
JamesOff : Didn't twig psloggedon could scan the network for a particular user, I'd only used it to find who was on a particular machine. Thanks!V. Romanov : Checked it out. It seems interesting, but impractical for day-to-day use seeing as it takes literally hours to scan all the machines in the domain, crashing on computers that aren't connected and such. I'm looking for something more along the lines of an event log scanning. We have something similar in our antivirus system, where it logs every computer name and the user last logged on to it. I'm using that sometimes, but i wonder if there's something more "native" to windows.From Sam Cogan -
I'm not sure there is something live, but the Security Event Log records logins from users. Accessing the Event log on the DCs should be able to give you this information. That is provided that information is being collected. I think that is a policy setting.
This page from Microsoft describes a really slow and complicated way to query the event logs: http://technet.microsoft.com/en-us/library/ee176699.aspx
I'm pretty sure this won't help you, but it might work as an audit. I.e who was logged in when the bad stuff happened!
From Seanchán Torpéist
0 comments:
Post a Comment