Solved

I have the computer name, how can I determine which user account logged into this computer last?

Posted on 2008-06-18
3
177 Views
Last Modified: 2010-04-21
A PC who's name I don't recognize was logged connecting to a server via RDP.  I know I can get the mac address from the IP that the computer name resolves to, and then view the arp cache on the Cisco switch to identify which port the suspect computer terminates into...but then I'd have to locate the labeled port in the big office from where it terminates at in the patch panel, and that won't be fun, and will take some time.  Isn't there an easy way that I'm overlooking, to see which user account last logged into a suspect PC?
0
Comment
Question by:guitar_dave
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 17

Accepted Solution

by:
Andres Perales earned 350 total points
ID: 21815602
You can the security log in the event viewer...you are auditing logs right?
0
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 150 total points
ID: 21815624
Only if you can connect to the box's Registry remotely. If you can, then interrogate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\defaultusername (if XP) or  HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI (if Vista)

0
 

Author Closing Comment

by:guitar_dave
ID: 31468510
Thanks, I was able to see that a domain admin account was logged in the servers' security event log at the time of the incident.  I was able to determine who this was because not many of my users know this account's password.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question