How to find the last domain user to use a PC

Posted on 2012-09-07
Last Modified: 2012-09-07
I have a laptop called "BB-07" with a smashed screen.
How do I find the last domain user to use that PC in active directory under server 2003?

I have of course used the event editor and looked at the "Security" tab which shows all activity for both users and PCs, BUT when I search for all references to "BB-07", none of them tell me which user was logged in on that laptop.

Is there another place where I can get this info?  Or do I need to install a free tool to log this info on the server?  Which free tool?
Question by:Alistair7
    LVL 39

    Accepted Solution

    There is no direct AD attribute storing that information. However, you can connect over network using administrator account into registry on that computer and you will find who is logged on (works only if you have not disabled show last logged on user in GPO)

    Then you should check this registry key
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    and check DefaultUserName which is set up to the latest logged on user


    Author Comment

    Unfortunately I have logged in as administrator, so "DefaultUserName" now says administrator.

    What about a free tool for logging this info on the server??
    LVL 39

    Expert Comment

    by:Krzysztof Pytko
    I don't know any. There is also another tool to use to see who is logged on PsLoggedon

    That's probably possible to use some VBScript or PowerShell to log that but for that you need to ask in these zones

    LVL 7

    Assisted Solution

    If you're on a domain, then the domain controller (active directory server) should contain the logs of who logged onto the server in the security logs.  However, that's if you keep enough of the logs that it hasn't already been overwritten.  Keep in mind that if you have multiple DCs, then you will need to check each one.  It will only be logged on one of them.  It would be logged as event ID 528 on Windows 2003 and 4624 on Windows 2008 or 2008 R2.  If it's only a Workgroup-based PC, these same logs should exist on the local system.  Again, it depends on how large you let your logs get.
    LVL 10

    Assisted Solution

    get a software called ADManager.  u wud be able to pull reports and get this info; however its not free but there is a trial available.  this software would also help in managing and keeping your AD clean

    Author Comment

    thanks for your efforts.

    ADManager is expensive and, having looked at the product, I cannot see if it will do what I want.

    Minoru7, in my original post I said that I had already looked at the security logs in the event viewer.  But all events referring to "BB-07" did not mention the logged in user.

    There must be others like me who need to know the last few users logged into a computer.
    And I would be very surprised if there was not a simple tool for that.
    LVL 23

    Assisted Solution

    by:Suliman Abu Kharroub
    From client machine: open the C:\users

    sort folder (users profiles folders) by date modified, it will show the date for last modification on the profile (which is a local logon or remote logon).

    Author Comment

    I found an excellent solution on the internet.

    Use group policy to run 2 batch file scripts, one on login and the other on logout.

    Here they are:

    echo %computername%,%date%,%time%,%username%,logon >> \\Server\PC_Log$\PC_Log.csv

    echo %computername%,%date%,%time%,%username%,logoff >> \\Server\PC_Log$\PC_Log.csv

    Both scripts save details to the same log file placed in a hidden shared folder.
    Simply a matter then of opening the csv file under OpenOffice or Excel and sorting on the first 3 columns, namely "computername" "date" and "time".

    Only 1 small wierd thing.  The time field also creates an additional two digit number which is then placed in its own column.  Like this:

    Freds-PC   07.09.2012   21:47:08   47   Administrator   logon
    Freds-PC   07.09.2012   21:48:04   92   Administrator   logoff

    Thanks for your help.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now