Solved

Any way to find who all in the network use Domain/Admin credential to login/Remote login

Posted on 2007-07-22
Last Modified: 2010-03-05
Hi,

Any way to find who all in the network use Domain/Admin credential to login/Remote login.
If anyone has used domain/administrator credential to log in.

Regards
Sharath
Question by:bsharath
LVL 65

Expert Comment

by:RobSampson
ID: 19543860
Sharath, it is not possible to know "who" has used the Administrator account to log in.  You *may* be able to know "where" they have logged in, if your Domain Controllers are set to Audit logins.  You could interrogate the Event Log to filter the Audit list by Administrator logons, and you can see which computer was used.

The other way to do this, which I use, is to include in your logon script, a script that records the time and computer for each user to a text file.  Then, at any time, you can open the Administrator.txt file, and you will see where that account has been used.

Regards,

Rob.

'=======================
Option Explicit
'On Error Resume Next

Dim WSHShell, WSHProcess, strUserName, strHostName, strCommand

Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

Set WSHShell = CreateObject("Wscript.Shell")
Set WSHProcess = WSHShell.Environment("Process")

strUserName = WSHProcess("USERNAME")
strHostName = WSHProcess("COMPUTERNAME")


Dim objShell, strComputer, objWMIService, colComputerIP, IPConfig, intIPCount, strIPAddress, strFullIP
Dim  objFSO, objFile, strOutputFile
Dim strContents, arrLinesInFile, intLineCount, intMaxLinesAllowed

strComputer = "."

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objShell = CreateObject("WScript.Shell")

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colComputerIP = objWMIService.ExecQuery _
    ("Select * from Win32_NetworkAdapterConfiguration")
 
For Each IPConfig in colComputerIP
      If Not IsNull(IPConfig.IPAddress) Then
        For intIPCount = LBound(IPConfig.IPAddress) To UBound(IPConfig.IPAddress)
                strIPAddress = strIPAddress & "IP Address: " & IPConfig.IPAddress(intIPCount) & "~"
            Next
      End If
Next

' Subnet prefixes are site-specific: change them to match your own network.
' Each branch must extract with the same prefix that it tests for.
If InStr(strIPAddress, "192.168.10.") > 0 Then
      strFullIP = Mid(strIPAddress, InStr(strIPAddress, "192.168.10."), InStr(InStr(strIPAddress, "192.168.10."), strIPAddress, "~") - InStr(strIPAddress, "192.168.10."))
ElseIf InStr(strIPAddress, "192.168.100.") > 0 Then
      strFullIP = Mid(strIPAddress, InStr(strIPAddress, "192.168.100."), InStr(InStr(strIPAddress, "192.168.100."), strIPAddress, "~") - InStr(strIPAddress, "192.168.100."))
Else
      strFullIP = "UNKNOWN"
End If

If Len(strFullIP) > 1 And Right(strFullIP, 1) = "~" Then
      strFullIP = Left(strFullIP, Len(strFullIP) - 1)
End If
      
' /////// Define the text file name as the name of the user //////////
strOutputFile = "\\SERVER\UserLogins$\" & strUserName & ".txt"

On Error Resume Next

'/////// Open the user's text file for reading first to be able to count the number of lines ///////
'Set objFile = objFSO.OpenTextFile ("\\SERVER\UserLogins$\" & strOutputFile, ForAppending, True)
Set objFile = objFSO.OpenTextFile (strOutputFile, ForReading, True)

'////// Set this value to the maximum number of entries allowed per user's text file
'////// Set this value to 0 or -1 to have unlimited lines
intMaxLinesAllowed = -1

strContents = ""
strContents = objFile.ReadAll
' Close the read handle before the file is reopened for writing
objFile.Close

If Len(strContents) > 0 Then
      arrLinesInFile = Split(strContents, vbCrLf)
      If intMaxLinesAllowed > 0 Then
            If UBound(arrLinesInFile) > (intMaxLinesAllowed - 1) Then
                  strContents = ""
                  For intLineCount = 0 To (intMaxLinesAllowed - 2)
                        strContents = strContents & arrLinesInFile(intLineCount) & VbCrLf
                  Next
                  strContents = strContents & arrLinesInFile((intMaxLinesAllowed - 1))
            End If
      End If
End If

'MsgBox "There are " & UBound(arrLinesInFile) & " lines in the file before adding 1."

Set objFile = objFSO.OpenTextFile (strOutputFile, ForWriting, True)
objFile.Write(Pad_String(strFullIP, 20, "Right", " ") & "|  " & Pad_String(strHostName, 24, "Right", " ") & "|  " & Now & VbCrLf & strContents)

objFile.Close

On Error Goto 0


'*************************************************************

Function Pad_String(strOriginalString, intTotalLengthRequired, strDirection, strCharacterToPadWith)

      'Declare variants used in this function.
      Dim intPadCount, strPadding
      
      'Convert input direction to lower case.
      strDirection = LCase(strDirection)
      
      'Trim input string if larger than pad length
      If (Len(strOriginalString) > intTotalLengthRequired) Then
            strOriginalString = Left(strOriginalString, intTotalLengthRequired)
      End If
      
      'Take first character if input pad character is more than a single character.
      If (Len(strCharacterToPadWith) > 1) Then
            strCharacterToPadWith = Left(strCharacterToPadWith, 1)
      End If
      
      'Generate padding string
      For intPadCount = 1 to intTotalLengthRequired - Len(strOriginalString)
            strPadding = strCharacterToPadWith & strPadding
      Next
      
      If strDirection <> "left" And strDirection <> "right" Then
            strDirection = "right"
      End If
      
      'Return padded string based on direction.
      Select Case strDirection
            Case "left"
                  Pad_String = strPadding & strOriginalString
            Case "right"
                  Pad_String = strOriginalString & strPadding
      End Select

End Function

'*************************************************************
'==============
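
The first option in the answer above (filtering a Domain Controller's audit log for Administrator logons) can be scripted. The following is an added example, not part of the original post. It assumes Windows Server 2008 or later, success auditing of account logon events on the Domain Controller, and event IDs 4768 and 4776, none of which appear in the thread.

```powershell
# Added example: run in an elevated session on a Domain Controller.
# Each DC keeps its own Security log, so repeat on every DC for full coverage.
param(
    [string]$Account = 'Administrator',   # account name to look for
    [int]$Days = 7                        # how far back to search
)

$filter = @{
    LogName   = 'Security'
    Id        = 4768, 4776                # Kerberos TGT request, NTLM credential validation
    StartTime = (Get-Date).AddDays(-$Days)
}

$hits = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Turn the event's named <Data> fields into a lookup table
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }

        # Kerberos may log the name as user@REALM; compare the user part only
        $user = ($data['TargetUserName'] -split '@')[0]
        if ($user -ne $Account) { return }

        # 4768 records the client IP address, 4776 the client workstation name
        $source = if ($_.Id -eq 4768) { $data['IpAddress'] -replace '^::ffff:' }
                  else                { $data['Workstation'] }

        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventId = $_.Id
            Account = $data['TargetUserName']
            Source  = $source
            DC      = $_.MachineName
        }
    }

# One row per source machine: how often and when the account was last seen there
$hits | Group-Object Source | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object Time | Select-Object -Last 1).Time } }
```

As the answer says, this shows where the account was used, not which person typed the password.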
LVL 11

Author Comment

by:bsharath
ID: 19544771
The above script. Should I put it in the logon script?
LVL 65

Accepted Solution

by:
RobSampson earned 2000 total points
ID: 19544786
Yes, if you change these lines:
' /////// Define the text file name as the name of the user //////////
strOutputFile = "\\SERVER\UserLogins$\" & strUserName & ".txt"

to reflect a network Share to store the text files.

Then, as people log in, they will run this script, and a text file called %username%.txt will be written to the share specified above, which you can open.

Regards.

Rob.
LVL 1

Expert Comment

by:Sean
ID: 20703076
Hi Rob,

I am guessing that I should modify these lines, right?

If InStr(strIPAddress, "192.168.10.") > 0 Then
      strFullIP = Mid(strIPAddress, InStr(strIPAddress, "192.168.10."), InStr(InStr(strIPAddress, "192.168.10."), strIPAddress, "~") - InStr(strIPAddress, "192.168.10."))
ElseIf InStr(strIPAddress, "192.168.100.") > 0 Then
      strFullIP = Mid(strIPAddress, InStr(strIPAddress, "192.168.100."), InStr(InStr(strIPAddress, "192.168.100."), strIPAddress, "~") - InStr(strIPAddress, "192.168.100."))
Else
      strFullIP = "UNKNOWN"
End If


Thanks
Sean