Solved

I have the computer name, how can I determine which user account logged into this computer last?

Posted on 2008-06-18
3
175 Views
Last Modified: 2010-04-21
A PC who's name I don't recognize was logged connecting to a server via RDP.  I know I can get the mac address from the IP that the computer name resolves to, and then view the arp cache on the Cisco switch to identify which port the suspect computer terminates into...but then I'd have to locate the labeled port in the big office from where it terminates at in the patch panel, and that won't be fun, and will take some time.  Isn't there an easy way that I'm overlooking, to see which user account last logged into a suspect PC?
0
Comment
Question by:guitar_dave
3 Comments
 
LVL 17

Accepted Solution

by:
Andres Perales earned 350 total points
ID: 21815602
You can the security log in the event viewer...you are auditing logs right?
0
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 150 total points
ID: 21815624
Only if you can connect to the box's Registry remotely. If you can, then interrogate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\defaultusername (if XP) or  HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI (if Vista)

0
 

Author Closing Comment

by:guitar_dave
ID: 31468510
Thanks, I was able to see that a domain admin account was logged in the servers' security event log at the time of the incident.  I was able to determine who this was because not many of my users know this account's password.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question