WellingtonIS
asked on
Auditing Locked accounts on machines
Is there any command or free software that I can use to run a quick audit to find out if a user is logged into a machine that they are not supposed to be?
The question title doesn't match your question body. Please explain that, so we know what you really need.
Also tell me if you let anyone logon anywhere - because you might not know that you can restrict that.
Also tell me if you let anyone logon anywhere - because you might not know that you can restrict that.
ASKER
OK sorry for the confusion... We have single sign on one most of our machines. And we have auto logins too. however, sometimes it doesn't work and I have users logging into a machine with their own user names and passwords then the imprivata screen comes up and they login in again. So they leave and dont' log out. the next person comes along and the 1st person is still logged in to the computer and imprivata has another user logging in. the 1st user keeps getting locked out and I need a way to find out what machine that user is logged into. Does that make more sense?
Can you not log off inactive sessions via GPO or Logoff ScreenSaver https://www.autoitscript.com/site/autoit-tools/logoff-screensaver/
ASKER
Thanks for that info but that's not what I'm needing to do. I have screensaver already that lock the machines after 15 minutes. I'm trying to find out if there's a way I can audit to see where the user is logged in.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks. I'll work with this and let you know.
Best solution
https://support.microsoft.com/en-gb/help/824209/how-to-use-the-eventcombmt-utility-to-search-event-logs-for-account-lockouts
Please dont go with the titile "eventcombMT" is the file that you need to run with the event ID - this can produce an output in csv format as well.
Cheers,
Prashant.