Announcement

Collapse
No announcement yet.

To find out where user logged in?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • To find out where user logged in?

    Is there any tool with which we can find out , on which machine/machines an AD user is currently logged in?
    Cheers!!
    MCSE 2003,MCSA- Messaging 2003, VCP

  • #2
    Re: To find out where user logged in?

    If you enable auditing you can do that.

    I have wrote VB script that every time a specific user logs on, will get his username and the time he logged on the computer (I made is as a log on script), then after getting the IP of the mechine, and the time stamp, contacts the SQL database and record the time and the user name and the IP of the computer that user logged in with.

    Hope I did help you.
    Best regards,
    Mostafa Itani

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: To find out where user logged in?

      Sanvour's suggestion is a good way to record all logon's to your domain, but if you just want to do it every once is a while then check out sysinternals / Microsoft's psloggedon:

      http://www.microsoft.com/technet/sys...sloggedon.mspx

      Michael
      Michael Armstrong
      www.m80arm.co.uk
      MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

      Comment


      • #4
        Re: To find out where user logged in?

        Hi Micheal,

        My sugesstion can be selected for all or some users. You can either do the following:
        • Collect some users in an OU and schedule a startup script on the selected OU
        • Inside the user profile for some users inside startup script, place the name of the script.
        Best regards,
        Mostafa Itani

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: To find out where user logged in?

          If I wanted to find out if what computer a single user was logged onto I would rather use psloggedon than configure a script.

          I see your point if your going to be doing this time and time again but just on the odd occasion, I prefer to use psloggedon - each in to their own.

          Michael
          Michael Armstrong
          www.m80arm.co.uk
          MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

          ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

          Comment


          • #6
            Re: To find out where user logged in?

            Dear Micheal,

            You are right in that. In my company I was asked to enable this on the Enterprise admin group only, that way they know:
            • Who logged in (Username)
            • At what time he logged in (time read from the server)
            • From which computer (IP address).


            The script will also send an email and record the user name, time stamp, and IP in an SQL database. All this will happen as a log on script.
            Best regards,
            Mostafa Itani

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: To find out where user logged in?

              If you are allowed to, I think we would all be very interested in seeing a copy of that script.

              Tom
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **

              Comment


              • #8
                Re: To find out where user logged in?

                Yes sure.

                Actually I created those scripts as a consaltancy issue. Even though I am not a scripter, but with some google search I could manage all that. I would be more than great if any one can optimize the code if possible. I will post them as soon as I get a hand over them, since recently I did not organize my files.
                Best regards,
                Mostafa Itani

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: To find out where user logged in?

                  Maybe ? LimitLogin.exe can help..?... quote: "While the main purpose of LimitLogin is to enforce concurrent login quotas, it can also be used purely as a login data capture solution that lets you manage your Active Directory environment more effectively"

                  how to install:
                  http://www.windowsitpro.com/Article/...993/47993.html

                  \Rem

                  This posting is provided "AS IS" with no warranties, and confers no rights.

                  __________________

                  ** Remember to give credit where credit's due **
                  and leave Reputation Points for meaningful posts

                  Comment


                  • #10
                    Re: To find out where user logged in?

                    I am not Sure if you have SMS 2003 in your Environment. It has GUI interface where you need to just enter the Machine or User Name it will provide your where the user is Logged on along with other useful information ..

                    Comment


                    • #11
                      Re: To find out where user logged in?

                      Here is my script

                      Dim strIPAddress

                      strComputer = "."

                      Set objWMIService = GetObject( _

                      "winmgmts:\\" & strComputer & "\root\cimv2")

                      Set IPConfigSet = objWMIService.ExecQuery _

                      ("Select IPAddress from Win32_NetworkAdapterConfiguration ")



                      For Each IPConfig in IPConfigSet

                      If Not IsNull(IPConfig.IPAddress) Then

                      For i=LBound(IPConfig.IPAddress) _

                      to UBound(IPConfig.IPAddress)

                      strIPAddress = IPConfig.IPAddress(i)

                      Next

                      Exit For

                      End If

                      Next



                      Dim strTimeStamp

                      Set dtmInstallDate = CreateObject( _

                      "WbemScripting.SWbemDateTime")

                      strComputer = "."

                      Set objWMIService = GetObject( _

                      "winmgmts:\\" & strComputer & "\root\cimv2")

                      Set objOS = objWMIService.ExecQuery( _

                      "Select * from Win32_OperatingSystem")

                      For Each strOS in objOS

                      dtmInstallDate.Value = strOS.InstallDate

                      strTimeStamp = dtmInstallDate.GetVarDate

                      Next



                      Dim objConn

                      Dim objCmd





                      'Instantiate objects

                      Set objConn = CreateObject("ADODB.Connection")

                      set objCmd = CreateObject("ADODB.Command")

                      objConn.Open("Provider=SQLOLEDB;Data Source=dc1;Initial
                      Catalog=mostafa;User ID =vp;Password=alert")





                      With objCmd

                      .ActiveConnection = objConn

                      .CommandText = "Insert into events set IPaddress = " & strIPAddress
                      & ", TimeStamp = " & strTimeStamp

                      End With





                      objConn.close

                      set objConn = Nothing

                      Dim oOApp As Outlook.Application
                      Dim oOMail As Outlook.MailItem

                      Set oOApp = CreateObject("Outlook.Application")
                      Set oOMail = oOApp.CreateItem(olMailItem)

                      With oOMail
                      .To = "[email protected]"
                      .Subject = "Alert!VP Logged IN"
                      .Body = "The VP account has logged from the following IP at the following time."
                      & IP & timestamp
                      '.Attachments.Add "\\server\drive\folder\filename", olByValue, 1
                      .Send
                      End With
                      Best regards,
                      Mostafa Itani

                      ** Remember to give credit where credit is due and leave reputation points where appropriate **

                      Comment


                      • #12
                        Re: To find out where user logged in?

                        Originally posted by sanvour View Post
                        Here is my script
                        There is one basic problem with this approach - the user/password used to write information into DB are hard-coded in the script, making it VERY easy for ANYONE to alter the data in the DB. So basically I can logon from one workstation and later inject anything I desire into the DB.
                        Guy Teverovsky
                        "Smith & Wesson - the original point and click interface"

                        Comment


                        • #13
                          Re: To find out where user logged in?

                          Yeah that was the requirement, you can use the integrated authentication, to log on using the user credinatials, and that way you will not compromise the security issue.

                          Moreover if you have given the permission for this user only to add records, he will not be able to change any record.
                          Best regards,
                          Mostafa Itani

                          ** Remember to give credit where credit is due and leave reputation points where appropriate **

                          Comment


                          • #14
                            Re: To find out where user logged in?

                            Originally posted by sanvour View Post
                            Moreover if you have given the permission for this user only to add records, he will not be able to change any record.
                            This means that you have given a permission to add ANY record, including bogus data. With that approach your DB can only be used as "best effort" and should not be used for things like security audit.
                            Guy Teverovsky
                            "Smith & Wesson - the original point and click interface"

                            Comment


                            • #15
                              Re: To find out where user logged in?

                              Yeah you are right, but you know the user who is trying to add to the database, should know the instance name, and the table name, the user name and password connecting to the database, in addition to that, the format that the fields are to be filled.

                              Using the logon credinatals is really much more secure, and I agree with you concerning that, but the time I desgined this script, I was really in a rush to submit it, and in my presentation, I explained to them, that this is not correct, and user name credinatals should be used.
                              Best regards,
                              Mostafa Itani

                              ** Remember to give credit where credit is due and leave reputation points where appropriate **

                              Comment

                              Working...
                              X