Alistair7
asked on
How to find the last domain user to use a PC
I have a laptop called "BB-07" with a smashed screen.
How do I find the last domain user to use that PC in active directory under server 2003?
I have of course used the event editor and looked at the "Security" tab which shows all activity for both users and PCs, BUT when I search for all references to "BB-07", none of them tell me which user was logged in on that laptop.
Is there another place where I can get this info? Or do I need to install a free tool to log this info on the server? Which free tool?
How do I find the last domain user to use that PC in active directory under server 2003?
I have of course used the event editor and looked at the "Security" tab which shows all activity for both users and PCs, BUT when I search for all references to "BB-07", none of them tell me which user was logged in on that laptop.
Is there another place where I can get this info? Or do I need to install a free tool to log this info on the server? Which free tool?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I don't know any. There is also another tool to use to see who is logged on PsLoggedon
http://technet.microsoft.com/en-us/sysinternals/bb897545.aspx
That's probably possible to use some VBScript or PowerShell to log that but for that you need to ask in these zones
Krzysztof
http://technet.microsoft.com/en-us/sysinternals/bb897545.aspx
That's probably possible to use some VBScript or PowerShell to log that but for that you need to ask in these zones
Krzysztof
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks for your efforts.
ADManager is expensive and, having looked at the product, I cannot see if it will do what I want.
Minoru7, in my original post I said that I had already looked at the security logs in the event viewer. But all events referring to "BB-07" did not mention the logged in user.
There must be others like me who need to know the last few users logged into a computer.
And I would be very surprised if there was not a simple tool for that.
ADManager is expensive and, having looked at the product, I cannot see if it will do what I want.
Minoru7, in my original post I said that I had already looked at the security logs in the event viewer. But all events referring to "BB-07" did not mention the logged in user.
There must be others like me who need to know the last few users logged into a computer.
And I would be very surprised if there was not a simple tool for that.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I found an excellent solution on the internet.
Use group policy to run 2 batch file scripts, one on login and the other on logout.
Here they are:
echo %computername%,%date%,%tim e%,%userna me%,logon >> \\Server\PC_Log$\PC_Log.cs v
echo %computername%,%date%,%tim e%,%userna me%,logoff >> \\Server\PC_Log$\PC_Log.cs v
Both scripts save details to the same log file placed in a hidden shared folder.
Simply a matter then of opening the csv file under OpenOffice or Excel and sorting on the first 3 columns, namely "computername" "date" and "time".
Only 1 small wierd thing. The time field also creates an additional two digit number which is then placed in its own column. Like this:
Freds-PC 07.09.2012 21:47:08 47 Administrator logon
Freds-PC 07.09.2012 21:48:04 92 Administrator logoff
Thanks for your help.
Use group policy to run 2 batch file scripts, one on login and the other on logout.
Here they are:
echo %computername%,%date%,%tim
echo %computername%,%date%,%tim
Both scripts save details to the same log file placed in a hidden shared folder.
Simply a matter then of opening the csv file under OpenOffice or Excel and sorting on the first 3 columns, namely "computername" "date" and "time".
Only 1 small wierd thing. The time field also creates an additional two digit number which is then placed in its own column. Like this:
Freds-PC 07.09.2012 21:47:08 47 Administrator logon
Freds-PC 07.09.2012 21:48:04 92 Administrator logoff
Thanks for your help.
ASKER
What about a free tool for logging this info on the server??