Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 305
  • Last Modified:

When a virtual workstation was last logged on?


How can I find out when a virtual workstation was last used / logged onto ?  
...preferably not trawling though event logs.

I want to confirm all the virtual pc's in our fleet are being regularly used, preferably a script that reads a text file - vb or powershell would be good.

  • 2
1 Solution
I've attached a .vbs script that we use to do precisely this.
It records user logon times/machine usage in a users Description field so you can then view this easily from AD Users & Computers.
Run it through group policy.
'This script should be set as a USER login script in an Active Directory GPO. It will populate 
'the 'Description' field in the AD 'Users and Computers' console for both the Computer and
'the User objects with the username of whomever logged in, the name of the PC they logged 
'into, the time they logged into it and which domain controller that they authenticated with.

On Error Resume Next


Dim strDisplayMessage
Dim objSysInfo, objUser, objComputer

Set objSysInfo = CreateObject("ADSystemInfo")

Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)
Set objDomain = GetObject("LDAP://rootDse")

objAuthDC = objDomain.Get("dnsHostName")

strDisplayMessage = objUser.CN & " last logged on to " & objComputer.CN & " - " & Now & " - " & objAuthDC & "."

objUser.Description = strDisplayMessage

objComputer.Description = strDisplayMessage


Open in new window

That method is probably fine for a small network, however, I would hesitate using it if you have a large or geographically disperse environment, just purely because it will generate a whole heap of extra information that will replicated between your DC's.

I would suggest that you use a simple logon script that records the username, date and time to a log file on the computer or to a central repository.

For example:




Maybe in an extremely large domain the amount of traffic replicated would be signficant
We have 1500 odd users in 7 different states and there was no noticeable increase in replication traffic after implementing this script.

I find the advantage to doing it this way is all the information is visible in AD next to all the other information instead of having to go searching through a txt file. You can visually see if a user hasn't logged on and delete them without having to go back and forth from a log file to AD Users & Computers.

The only real drawback is if you already use the Decription field for something else.

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now