Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

VBS to Retrieve the computer a user is logged on.

Posted on 2009-05-14
8
Medium Priority
?
367 Views
Last Modified: 2012-05-07
I would like to have a script that retrieves computer names in the Active Directory Domain, where a certain user account has logged on, or there is a process running under certain user account.
For instance a script that shows an input box to enter a user account then it searches the domain and retrieves any computer name that has been logged by that user account or if there is any process running with that user account?

Thanks
0
Comment
Question by:jskfan
  • 4
  • 3
8 Comments
 
LVL 38

Expert Comment

by:Shift-3
ID: 24387781
Paste the script below into a text file with a .vbs extension.  Customize the value of the strContainer variable with the distinguished name of the domain or OU to search under.  Running the script will prompt for the username and then query every computer for processes running under it.

This is necessarily quite slow, as the script has to check every machine.


Const ADS_SCOPE_SUBTREE = 2
 
strContainer = "ou=workstations,dc=yourdomain,dc=local"
 
strUser = InputBox("Enter the user, in the format DOMAIN\USERNAME", "Process Query")
 
On Error Resume Next
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
 
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name From 'LDAP://" & strContainer & "' Where objectCategory='computer'"  
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
 
Do Until objRecordSet.EOF
    blnFound = False
    strComputer = objRecordSet.Fields("Name").Value
 
    If PingCheck(strComputer, 1, 0) Then
        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
        Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process")
 
        For Each objProcess in colProcessList
            objProcess.GetOwner strProcUser, strProcDomain
            If LCase(strProcDomain & "\" & strProcUser) = LCase(strUser) Then
                blnFound = True
            End If
        Next
        
        If blnFound Then
            strList = strList & strComputer & vbCrLf
        End If
    End If
    
    objRecordSet.MoveNext
Loop
 
WScript.Echo "The user " & strUser & _
    " has processes running on the following computers: " & vbCrLf & strList
 
Function PingCheck(strTarget, strPings, intPause)
    Const ForReading = 1
    
    Set objShell = CreateObject("WScript.Shell")
    strTempDir = objShell.ExpandEnvironmentStrings("%temp%")
 
    strTempFile = strTempDir & "\script-" & strTarget & ".txt"
 
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    
    objShell.Run "%comspec% /c ping -n " & strPings & " -w 100 " & _
        strTarget & ">" & strTempFile, 0, True
        
    WScript.Sleep intPause
    
    objShell.Run "%comspec% /c ping -n " & strPings & " -w 100 " & _
        strTarget & ">>" & strTempFile, 0, True
    
    Set objTempFile = objFSO.OpenTextFile(strTempFile, ForReading)
    strOutput = objTempFile.ReadAll
    objTempFile.Close
    objFSO.DeleteFile strTempFile, True
 
    If InStr(strOutput, "bytes=32") > 0 Then
        PingCheck = True
    Else
        PingCheck = False
    End If
End Function

Open in new window

0
 

Author Comment

by:jskfan
ID: 24387878
where does the script puts the output?
0
 
LVL 38

Expert Comment

by:Shift-3
ID: 24388952
As written it creates a list of computers in the strList variable and echoes it on lines 45-46.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:jskfan
ID: 24389934
any way to put the output to a text file?
Thanks a lot!
0
 
LVL 38

Accepted Solution

by:
Shift-3 earned 1800 total points
ID: 24398019
So revised.

Customize the value of the strReport variable on line 5 with the location of the output file.


Const ADS_SCOPE_SUBTREE = 2
Const ForWriting = 2
 
strContainer = "ou=workstations,dc=yourdomain,dc=local"
strReport = "report.txt"
 
strUser = InputBox("Enter the user, in the format DOMAIN\USERNAME", "Process Query")
 
On Error Resume Next
 
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objReport = objFSO.OpenTextFile(strReport, ForWriting, True)
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
 
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name From 'LDAP://" & strContainer & "' Where objectCategory='computer'"  
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
 
Do Until objRecordSet.EOF
    blnFound = False
    strComputer = objRecordSet.Fields("Name").Value
 
    If PingCheck(strComputer, 1, 0) Then
        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
        Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process")
 
        For Each objProcess in colProcessList
            objProcess.GetOwner strProcUser, strProcDomain
            If LCase(strProcDomain & "\" & strProcUser) = LCase(strUser) Then
                blnFound = True
            End If
        Next
        
        If blnFound Then
            objReport.WriteLine strComputer
        End If
    End If
    
    objRecordSet.MoveNext
Loop
 
objReport.Close
 
Function PingCheck(strTarget, strPings, intPause)
    Const ForReading = 1
    
    Set objShell = CreateObject("WScript.Shell")
    strTempDir = objShell.ExpandEnvironmentStrings("%temp%")
 
    strTempFile = strTempDir & "\script-" & strTarget & ".txt"
 
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    
    objShell.Run "%comspec% /c ping -n " & strPings & " -w 100 " & _
        strTarget & ">" & strTempFile, 0, True
        
    WScript.Sleep intPause
    
    objShell.Run "%comspec% /c ping -n " & strPings & " -w 100 " & _
        strTarget & ">>" & strTempFile, 0, True
    
    Set objTempFile = objFSO.OpenTextFile(strTempFile, ForReading)
    strOutput = objTempFile.ReadAll
    objTempFile.Close
    objFSO.DeleteFile strTempFile, True
 
    If InStr(strOutput, "bytes=32") > 0 Then
        PingCheck = True
    Else
        PingCheck = False
    End If
End Function

Open in new window

0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 200 total points
ID: 24422847
It's easier to just run the command :
psloggedon <username>
 
http://technet.microsoft.com/en-us/sysinternals/bb897545.aspx 
0
 

Author Comment

by:jskfan
ID: 24424313
dstewartjr:It's easier to just run the command :

psloggedon <username>



Tha's what I did..
0
 

Author Comment

by:jskfan
ID: 24424323
Shift-3 worked hard on the script though... he needs to be rewarded for his efforts
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we want to have a look at the directory attributes which are used by Microsoft to store the so called Security Identifiers (SID). These SIDs plays an important role in delegating and granting permissions and in authentication of trus…
This script will sweep a range of IP addresses (class c only, 255.255.255.0) and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
Integration Management Part 2
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month12 days, 14 hours left to enroll

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question