Solved

I have the computer name, how can I determine which user account logged into this computer last?

Posted on 2008-06-18
3
167 Views
Last Modified: 2010-04-21
A PC who's name I don't recognize was logged connecting to a server via RDP.  I know I can get the mac address from the IP that the computer name resolves to, and then view the arp cache on the Cisco switch to identify which port the suspect computer terminates into...but then I'd have to locate the labeled port in the big office from where it terminates at in the patch panel, and that won't be fun, and will take some time.  Isn't there an easy way that I'm overlooking, to see which user account last logged into a suspect PC?
0
Comment
Question by:guitar_dave
3 Comments
 
LVL 17

Accepted Solution

by:
Andres Perales earned 350 total points
ID: 21815602
You can the security log in the event viewer...you are auditing logs right?
0
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 150 total points
ID: 21815624
Only if you can connect to the box's Registry remotely. If you can, then interrogate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\defaultusername (if XP) or  HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI (if Vista)

0
 

Author Closing Comment

by:guitar_dave
ID: 31468510
Thanks, I was able to see that a domain admin account was logged in the servers' security event log at the time of the incident.  I was able to determine who this was because not many of my users know this account's password.
0

Join & Write a Comment

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now