Windows Login

15 pts.
Microsoft Systems Management Server
Is there a way of knowing who and when was the last time a user login to a machine. Thanks

Answer Wiki

Thanks. We'll let you know when a new response is added.

I just did a search on Google, you can find the information you require in the “Event Viewer” on my XP Pro its in Administrative Tools located in the Control Panel.

If you select the “System” view and then select the User column it will filter all events by User ID. I dont think this gives you exact Logon Times but will show you activity of various users.

Discuss This Question: 5  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Nephi1
    There are 2 ways 1) Looking at the last log in time for each user (I know the local PC has it but not too sure if a domain user creates the registry keys on the local PC). From this you can work out who was on last. 2) Enable successful (& failed) login (& logout) attempts using the security policy. This would show when someone attempted to log in/out and if someone attempted to log in with a bad password. This one would be better if you need to trace actions back in time. Where as the other one is constantly changed each time a user logs in. -- Nephi
    0 pointsBadges:
  • Spadasoe
    If in active directory domain, download the Account Lockout and Management Tools suite which includes acctinfo.dll. This will give you a lot of info: last logon, password age, SID, GUID. In a standalone, if auditing is enabled for logon events, check the security eventlog
    5,130 pointsBadges:
  • Polydore
    You can view the login/logout information in the event viewer. But before this is possible, you need to enable "audit Policies" under the Local Security Settings (Control Panel - Administrattive tools). Select: Security settings - Local Policies - Audit policies. then you need to turn on Audit logon events (success and/or failures). Note, if the computer is part of AD Domain, then you can do the changes through Group policies on the Domain controller. Hope that helps!
    0 pointsBadges:
  • AndyPaul
    This is a little different, but if you are wanting to programatically view user logins, not necessarily against an individual machine, but against the whole domain, you can use WMI scripts. Here is a sample script I use which writes to a local Access database. Const ADS_SCOPE_SUBTREE = 2 on error resume next Set objConnection = CreateObject("ADODB.Connection") Set objCommand = CreateObject("ADODB.Command") objConnection.Provider = "ADsDSOObject" objConnection.Open "Active Directory Provider" Set objCommand.ActiveConnection = objConnection objCommand.Properties("Page Size") = 1000 objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE objCommand.CommandText = _ "SELECT ADsPath FROM 'LDAP://ou=Users,dc=mydoman,dc=local'" Set objRecordSet = objCommand.Execute Set objConn = CreateObject("ADODB.Connection") Set objRS = CreateObject("ADODB.Recordset") objConn.Open "DSN=EventLogs;" objRS.CursorLocation = 3 objRS.Open "SELECT * FROM Users" , objConn, 3, 3 objRecordSet.MoveFirst Do Until objRecordSet.EOF 'objRecordSet.Fields("ADsPath").Value Set objOU = GetObject (objRecordSet.Fields("ADsPath").Value) ObjOU.Filter= Array("user") For Each objUser in objOU objRS.AddNew objRS("OU") = objRecordSet.Fields("ADsPath").Value objRS("User") = objuser.sAMAccountName objRS("FullName") = objRS("LastLogon") = objuser.lastlogin ' objRS("LastLogoff") = objuser.lastlogoff objRS.Update Next objRecordSet.MoveNext Loop objRS.Close objConn.Close Wscript.Echo "User Scan Complete"
    0 pointsBadges:
  • DaJackel
    Not to be a buzz kill to anyone but how about this "one liner" from the command prompt of one of your domain controllers net user %username% if you are unsure of the username just type "net user" and that will list your users.
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: