Home / server / Questions / 119113
In Process
V. Romanov
Asked: 2010-03-05 02:20:01 +0800 CST

How to find the computer name a user logged on to

  • 772

Is there a tool or script or some other way of knowing what computer name a specific user is currently logged on to? Or even was logged on to?

Say the user "HRDrone" is working on his machine whose hostname is "HRStation01".

I, sitting at my sysadmin desk, only know that the username is "HRDrone". Any way i can find out that he is logged on to "HRStation01" without asking the user? AD event viewer? anything?

Thanks!

windows active-directory domain

6 Answers

  1. There is a great Sysinternals utility that will do just this for you - PsLoggedOn

    • 8

  2. A cheap trick I often use is to look at the the "Sessions" listed under "Shared Folders" in the "Computer Management" console targeted at a file server computer where I know the subject user will have a "drive" "mapped".

    • 5

  3. how about these in bat file as a user logon script Run it and you will see the fun 

    mkdir %username% 
pushd %username% 
net config workstation > %computername%.txt

    OR if you need in detail 

    mkdir %username% 
pushd %username% 
@echo off
echo
echo I am logged on as %UserName%. >> %username%\%computername%.txt
echo My computer's name is %ComputerName%. >> %computername%.txt
echo %Date% >> %computername%.txt
echo %Time% >> %computername%.txt
echo My IP settings are >> %computername%.txt
ipconfig | find "." | find /i /v "suffix" >> %computername%.txt
getmac >> %computername%.txt
echo\

    you can contact me for more scripts if you need it, its good learning for me aswell

    • 1

  4. I'm not sure there is something live, but the Security Event Log records logins from users. Accessing the Event log on the DCs should be able to give you this information. That is provided that information is being collected. I think that is a policy setting.

    This page from Microsoft describes a really slow and complicated way to query the event logs: http://technet.microsoft.com/en-us/library/ee176699.aspx

    I'm pretty sure this won't help you, but it might work as an audit. I.e who was logged in when the bad stuff happened!

    • 0

  5. As a sysadmin, you could embed a routine in your logon script to store a .txt file with the username and hostname in it, or use sqlite.

    • 0

  6. I had to solve this problem for doing remote support throughout my company. Things like PsLoggedOn, and tools to scan the domain controller's security logs proved to be far too slow for my purposes (getting the hostname to do remote support for users). Here's what I came up with:

    • All users have an drive mapped to X: in AD under Profile - Home folder
    • Everyone has the below script assigned under Profile - Logon script

    This script records what computer they logged into in their home folder. It specifically doesn't record them logging into our terminal server, because I don't care about such entries. 

    '===============================================================
' Record the logon in their X: drive UNLESS they are on TERM-SERVER!
'===============================================================
If strComputerName <> "TERM-SRVER" Then
    strFile = "X:\login.txt"
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objTextFile = objFSO.OpenTextFile(strFile, 8, True)
    objTextFile.WriteLine(strIP + " - " + strComputerName + " - " + CStr(Date) + " " +     CStr(Time))
    objTextFile.Close
    ' Make it hidden
    Set objTextFile = objFSO.GetFile(strFile)
    objTextFile.Attributes = 2
End If

    Then I use a bit of VBscript on my local machine to automatically find their home directory in AD, open the log file, and print out the last few lines.

    • 0