Solved

How to check who is the user account that currently logged on the domain workstation?

Posted on 2016-11-09
6
85 Views
Last Modified: 2016-11-10
This is using MS Windows Server 2008 R2 AD Domain. There are a few DC here. My boss want us to check who is the user currently logged on to a given domain PC. For example, a PC name netpc001, and we wanted to know who is the user for this pc. The fastest is to check who is the user currently logged on (or last accessed). btw, how to check?

Thanks in advance.
0
Comment
Question by:MichaelBalack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 

Expert Comment

by:Mohamed Nagy
ID: 41880286
by this command line:

WMIC /NODE: xxx.xxx.xxx.xxx COMPUTERSYSTEM GET USERNAME

where xxx.xxx.xxx.xxx is the IP of your device
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 41880290
Hi Mohamed,

Thank for your fast suggestion. I will try your method in a short while.
1
 
LVL 6

Expert Comment

by:Niten Kumar
ID: 41880340
Try the powershell script below.



# Applies to: Computers
#
# Description: This script searches for a specific, logged on user on all or 
# specific Computers by checking the process "explorer.exe" and its owner.
#
# ********************************************************************************

#Set variables
$progress = 0

#Get Admin Credentials
Function Get-Login {
Clear-Host
Write-Host "Please provide admin credentials (for example DOMAIN\admin.user and your password)"
$Global:Credential = Get-Credential
}
Get-Login

#Get Username to search for
Function Get-Username {
      Clear-Host
      $Global:Username = Read-Host "Enter username you want to search for"
      if ($Username -eq $null){
            Write-Host "Username cannot be blank, please re-enter username!"
            Get-Username
      }
      $UserCheck = Get-ADUser $Username
      if ($UserCheck -eq $null){
            Write-Host "Invalid username, please verify this is the logon id for the account!"
            Get-Username
      }
}
Get-Username

#Get Computername Prefix for large environments
Function Get-Prefix {
      Clear-Host
      $Global:Prefix = Read-Host "Enter a prefix of Computernames to search on (CXX*) use * as a wildcard or enter * to search on all computers"
      Clear-Host
}
Get-Prefix

#Start search
$computers = Get-ADComputer -Filter {Enabled -eq 'true' -and SamAccountName -like $Prefix}
$CompCount = $Computers.Count
Write-Host "Searching for $Username on $Prefix on $CompCount Computers`n"

#Start main foreach loop, search processes on all computers
foreach ($comp in $computers){
      $Computer = $comp.Name
      $Reply = $null
        $Reply = test-connection $Computer -count 1 -quiet
        if($Reply -eq 'True'){
            if($Computer -eq $env:COMPUTERNAME){
                  #Get explorer.exe processes without credentials parameter if the query is executed on the localhost
                  $proc = gwmi win32_process -ErrorAction SilentlyContinue -computer $Computer -Filter "Name = 'explorer.exe'"
            }
            else{
                  #Get explorer.exe processes with credentials for remote hosts
                  $proc = gwmi win32_process -ErrorAction SilentlyContinue -Credential $Credential -computer $Computer -Filter "Name = 'explorer.exe'"
            }                  
                  #If $proc is empty return msg else search collection of processes for username
            if([string]::IsNullOrEmpty($proc)){
                  write-host "Failed to check $Computer!"
            }
            else{      
                  $progress++                  
                  ForEach ($p in $proc) {                        
                        $temp = ($p.GetOwner()).User
                        Write-Progress -activity "Working..." -status "Status: $progress of $CompCount Computers checked" -PercentComplete (($progress/$Computers.Count)*100)
                        if ($temp -eq $Username){
                        write-host "$Username is logged on $Computer"
                        }
                  }
            }      
      }
}
write-host "Search done!"

Open in new window

0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 11

Accepted Solution

by:
BillBondo earned 500 total points
ID: 41880671
Another option;

strComputer = "PC NAME, IP HERE"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")  
 
Set colComputer = objWMIService.ExecQuery _
    ("Select * from Win32_ComputerSystem")
 
For Each objComputer in colComputer
    Wscript.Echo "Logged-on user: " & objComputer.UserName
Next


Its a VBS script. Copy text above to notepad and save as *.vbs
Change pc name as needed and save, then run
0
 
LVL 1

Author Closing Comment

by:MichaelBalack
ID: 41881853
Thank for expert - BillBondo of suggesting using the given vbs, it works perfectly with all the logged on user name exposed.
0
 
LVL 1

Expert Comment

by:Tim Boswell
ID: 41882014
If you're the network admin, another quick and dirty approach which I tend to use is just to browse to \\computername\users, and sort the folder list by Last Modified Date. The most recently modified folder was the last person to log on. Note that this doesn't tell you whether or not they're currently logged on.
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question