Solved

I have the computer name, how can I determine which user account logged into this computer last?

Posted on 2008-06-18
3
173 Views
Last Modified: 2010-04-21
A PC who's name I don't recognize was logged connecting to a server via RDP.  I know I can get the mac address from the IP that the computer name resolves to, and then view the arp cache on the Cisco switch to identify which port the suspect computer terminates into...but then I'd have to locate the labeled port in the big office from where it terminates at in the patch panel, and that won't be fun, and will take some time.  Isn't there an easy way that I'm overlooking, to see which user account last logged into a suspect PC?
0
Comment
Question by:guitar_dave
3 Comments
 
LVL 17

Accepted Solution

by:
Andres Perales earned 350 total points
ID: 21815602
You can the security log in the event viewer...you are auditing logs right?
0
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 150 total points
ID: 21815624
Only if you can connect to the box's Registry remotely. If you can, then interrogate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\defaultusername (if XP) or  HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI (if Vista)

0
 

Author Closing Comment

by:guitar_dave
ID: 31468510
Thanks, I was able to see that a domain admin account was logged in the servers' security event log at the time of the incident.  I was able to determine who this was because not many of my users know this account's password.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question