Announcement

Collapse
No announcement yet.

Lists logon to which computer info.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Lists logon to which computer info.

    After set each username to logon to specified computers, how can I view this information without double click each username? Are there any list or report can be generated?

  • #2
    Re: Lists logon to which computer info.

    How have you setup these restrictions? Have you defined who is allowed to logon to a machine (using a Group Policy), or have you defined which computers a user can logon to (using ADUC)? What operating system are you running on your server? What is the domain functional level?
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Lists logon to which computer info.

      There are some 3rth party tools which can retrieve this information for you.
      Now (prior Windows Server 200 the log-on event is only logged at the DC which is doing the authentication. If you have one DC, you only need to check one DC. If you have 500, you need to check all 500. There are several VBS scripts which retrieves this information for you.

      http://forums.petri.com/showthread.php?t=8973
      http://www.visualbasicscript.com/m_24625/tm.htm
      http://www.eggheadcafe.com/software/...y--comput.aspx
      http://www.rlmueller.net/Last%20Logon.htm
      Last edited by Killerbe; 13th November 2008, 15:24.
      [Powershell]
      Start-DayDream
      Set-Location Malibu Beach
      Get-Drink
      Lay-Back
      Start-Sleep
      ....
      Wake-Up!
      Resume-Service
      Write-Warning
      [/Powershell]

      BLOG: Therealshrimp.blogspot.com

      Comment


      • #4
        Re: Lists logon to which computer info.

        Originally posted by gforceindustries View Post
        How have you setup these restrictions? Have you defined who is allowed to logon to a machine (using a Group Policy), or have you defined which computers a user can logon to (using ADUC)? What operating system are you running on your server? What is the domain functional level?
        Not setup yet coz still plan the new AD environment. We will use server 2003 AD and restricts computer logonthough ADUC. The net admin told me that it's not convenient to check it through ADUC if he wants to fix user pc problem. He just wants to know that user can logon which computers. He is lazy and always want to fix it remotely. (He always suggests me to use IP address as username and computer name too.)

        Comment


        • #5
          Re: Lists logon to which computer info.

          Originally posted by Killerbe View Post
          There are some 3rth party tools which can retrieve this information for you.
          Now (prior Windows Server 200 the log-on event is only logged at the DC which is doing the authentication. If you have one DC, you only need to check one DC. If you have 500, you need to check all 500. There are several VBS scripts which retrieves this information for you.

          http://forums.petri.com/showthread.php?t=8973
          http://www.visualbasicscript.com/m_24625/tm.htm
          http://www.eggheadcafe.com/software/...y--comput.aspx
          http://www.rlmueller.net/Last%20Logon.htm
          Re: all noted and thanks. but can I show username info / lists from ADUC that I set.

          Comment


          • #6
            Re: Lists logon to which computer info.

            Lazy admins don't last long.

            Originally posted by userhk View Post
            (He always suggests me to use IP address as username and computer name too.)
            You can't give the same name to two objects in the directory. Plus it makes it that much harder to manage the system, and your average user is just going to get confused if their username is a bunch of numbers and dots.

            In any case, tying users to a single machine partly negates the benefits of setting up a domain - don't do it just for the sake of doing it.
            Gareth Howells

            BSc (Hons), MBCS, MCP, MCDST, ICCE

            Any advice is given in good faith and without warranty.

            Please give reputation points if somebody has helped you.

            "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

            "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

            Comment


            • #7
              Re: Lists logon to which computer info.

              Originally posted by userhk View Post
              After set each username to logon to specified computers, how can I view this information without double click each username? Are there any list or report can be generated?
              By creating an ADSI script.
              "Search for userobjects in the AD where the attribute "userWorkstations" is not empty". You can output the Common Name and list the Computers from which that user can log on.

              basic sample,
              Code:
              Const col1 = 25
              
              Set objRootDSE = GetObject("LDAP://rootDSE")
              strRootAdsPath = "GC://" & objRootDSE.Get("rootDomainNamingContext")
              
              Set objConnection = CreateObject("ADODB.Connection")
              objConnection.Open "Provider=ADsDSOObject;"
              Set objCommand = CreateObject("ADODB.Command")
              objCommand.ActiveConnection = objConnection
              objCommand.Properties("Page Size") = 200
              
              objCommand.CommandText = "<LDAP://" _ 
                  & objRootDSE.Get("rootDomainNamingContext") _
                  & ">;(&(objectCategory=user)(userWorkstations=*))" _
                  & ";userWorkstations,name;subtree"
              Set objRecordSet = objCommand.Execute
              
              If not objRecordSet.eof then 
                objRecordSet.MoveFirst
                Do Until objRecordset.EOF
                    sUserName = Left(objRecordset.Fields("name"), col1)
                    intSpaces = col1 - Len(sUserName)
                    oList = oList & sUserName & space(intSpaces) & vbTab _
                        & objRecordset.Fields("userWorkstations") & vbNewLine
                    objRecordset.MoveNext
                Loop
              End If
              
              objConnection.Close
              
              wscript.echo oList
              \Rems

              This posting is provided "AS IS" with no warranties, and confers no rights.

              __________________

              ** Remember to give credit where credit's due **
              and leave Reputation Points for meaningful posts

              Comment

              Working...
              X