You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Basic Scripting » list of last several logged in users
Register User       Forum List       Calendar       FAQ
Page 1 of 1 1
Topic Options
#205491 - 2012-07-30 12:13 PM list of last several logged in users
BradV Offline
Seasoned Scripter
****

Registered: 2006-08-16
Posts: 687
Loc: Maryland, USA
I feel I should know this, but just can't remember. \:\(

I know you can get the current logged in user at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogin\DefaultUserName, but does the registry maintain a list of the last few logins?
Top
#205494 - 2012-07-30 09:47 PM Re: list of last several logged in users [Re: BradV]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2127
Loc: Tulsa, OK
Not sure. You may be able to get a list from the user directory, and then check the modify times on them.
Top
#205495 - 2012-07-30 09:55 PM Re: list of last several logged in users [Re: ShaneEP]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2127
Loc: Tulsa, OK
In particular...Maybe the netuser.ini file. It seems to get updated when somebody logs in.
Top
#205497 - 2012-07-30 10:30 PM Re: list of last several logged in users [Re: ShaneEP]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2127
Loc: Tulsa, OK
Not sure exactly what youre looking for...But this works for me on XP at least.

 Code:
$userdir = Left("%UserProfile%",InStrRev("%UserProfile%","\"))

$users = DirList($userdir+"*.*",1)

For Each $user in $users
   If Exist($userdir+$user+"ntuser.ini") AND Not InStr($user,"LocalService") AND Not InStr($user,"NetworkService")
      "USER: "+Left($user,-1) ?
      "Last Logged In: "+GetFileTime($userdir+$user+"ntuser.ini") ?
      ?
   Endif
Next

"DONE"
get $

Function dirlist($dirname, optional $options)
  dim $filename, $counter, $filepath, $mask
  dim $list, $sublist, $subcounter
  $counter=-1
  $dirname=trim($dirname)
  if $dirname=''
    $dirname=@CURDIR
  endif
  if right($dirname,1)='\'
    $dirname=left($dirname,len($dirname)-1)
  endif
  if getfileattr($dirname) & 16
    $mask='*.*'
  else
    $mask=substr($dirname,instrrev($dirname,'\')+1)
    $dirname=left($dirname,len($dirname)-len($mask)-1)
  endif
  redim $list[10]
  $filename=dir($dirname+'\'+$mask)
  while $filename<>'' and @ERROR=0
    if $filename<>'.' and $filename<>'..'
      select
      case (getfileattr($dirname+'\'+$filename) & 16)
        if $options & 1
          $counter=$counter+1
          if $options & 2
            $list[$counter]=$dirname+'\'+$filename+'\'
          else
            $list[$counter]=$filename+'\'
          endif
        endif
        if ($options & 4)
          $sublist=dirlist($dirname+'\'+$filename+'\'+$mask,$options)
          if ubound($sublist)+1
            redim preserve $list[ubound($list)+ubound($sublist)+1]
            for $subcounter=0 to ubound($sublist)
              $counter=$counter+1
              if $options & 2
                $list[$counter]=$dirname+'\'+$filename+'\'+$sublist[$subcounter]
              else
                $list[$counter]=$filename+'\'+$sublist[$subcounter]
              endif
            next
          endif
        endif
      case ($options & 2)
        $counter=$counter+1
        $list[$counter]=$dirname+'\'+$filename
      case 1
        $counter=$counter+1
        $list[$counter]=$filename
      endselect
      if $counter mod 10
        redim preserve $list[$counter+10]
      endif
    endif
    $filename = dir('')
  loop
  if $counter+1
    redim preserve $list[$counter]
  else
    $list=''
  endif
  if $mask<>'*.*' and ($options & 4)
    $filename=dir($dirname+'\*.*')
    while $filename<>'' and @ERROR=0
      if $filename<>'.' and $filename<>'..'
        if (getfileattr($dirname+'\'+$filename) & 16)
          $sublist=dirlist($dirname+'\'+$filename+'\'+$mask,4)
          if ubound($sublist)+1
            redim preserve $list[ubound($list)+ubound($sublist)+1]
            for $subcounter=0 to ubound($sublist)
              $counter=$counter+1
              if $options & 2
                $list[$counter]=$dirname+'\'+$filename+'\'+$sublist[$subcounter]
              else
                $list[$counter]=$filename+'\'+$sublist[$subcounter]
              endif
            next
          endif
        endif
      endif
      $filename = dir('')
    loop
  endif
  if $counter+1
    redim preserve $list[$counter]
  else
    $list=''
  endif
  $dirlist=$list
endfunction
Top
#205498 - 2012-07-31 11:31 AM Re: list of last several logged in users [Re: ShaneEP]
BradV Offline
Seasoned Scripter
****

Registered: 2006-08-16
Posts: 687
Loc: Maryland, USA
Thanks Shane, I'll give it a try. I'm just curious who is coming and sitting at my desk after I leave. \:\)
Top
#205499 - 2012-07-31 07:16 PM Re: list of last several logged in users [Re: BradV]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11628
Loc: CA
Just enable event auditing on the computer. Then look in the Security event logs and you'll see.
Top
#205500 - 2012-08-01 02:37 AM Re: list of last several logged in users [Re: NTDOC]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4401
Loc: New Jersey
That's not a scripted solution - where's the fun in that? \:D
_________________________
Actually I am a Rocket Scientist! \:D

Top
#205501 - 2012-08-01 11:47 AM Re: list of last several logged in users [Re: Glenn Barnas]
BradV Offline
Seasoned Scripter
****

Registered: 2006-08-16
Posts: 687
Loc: Maryland, USA
Thanks guys! \:\)
Top
#205502 - 2012-08-01 01:55 PM Re: list of last several logged in users [Re: BradV]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1896
Loc: Hilversum, The Netherlands
Amateurs ;\)
 Code:
Dim $strComputer, $objWMIService, $colItems, $objItem
$strComputer = "."
$objWMIService = GetObject("winmgmts:\\"+$strComputer+"\root\CIMV2")
$colItems = $objWMIService.ExecQuery("Select * from Win32_NetworkLoginProfile where UserType='Normal Account'",,48)
For Each $objItem in $colItems
  "Name: " + $objItem.Name ?
Next


Edited by Arend_ (2012-08-01 02:04 PM)
Edit Reason: Code adjustment
Top
#205506 - 2012-08-02 01:37 PM Re: list of last several logged in users [Re: Arend_]
BradV Offline
Seasoned Scripter
****

Registered: 2006-08-16
Posts: 687
Loc: Maryland, USA
I'm such a noob! \:\)

Thanks Arend!
Top
#205511 - 2012-08-02 07:07 PM Re: list of last several logged in users [Re: BradV]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2127
Loc: Tulsa, OK
Thanks Arend...Didn't know that one existed. Here's the same code with the last logon time added.

 Code:
Dim $strComputer, $objWMIService, $colItems, $objItem
$strComputer = "."
$objWMIService = GetObject("winmgmts:\\"+$strComputer+"\root\CIMV2")
$colItems = $objWMIService.ExecQuery("Select * from Win32_NetworkLoginProfile where UserType='Normal Account'",,48)
For Each $objItem in $colItems
   "Name: "+$objItem.Name ?
   $last = $objItem.LastLogon
   $year = Left($last,4)
   $mo = SubStr($last,5,2)
   $day = SubStr($last,7,2)
   $hour = SubStr($last,9,2)
   $min = SubStr($last,11,2)
   $sec = SubStr($last,13,2)
   "Last Logon: "+$mo+"/"+$day+"/"+$year+" at "+$hour+":"+$min+":"+$sec ? ?
Next

get $
Top
#205514 - 2012-08-02 07:20 PM Re: list of last several logged in users [Re: ShaneEP]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2127
Loc: Tulsa, OK
A possible unrelated solution...

 Code:
$nul = WriteValue("HKLM\Software\Microsoft\CurrentVersion\Policies\System","DisplayLastLogonInfo","1","REG_DWORD")
Top
#205523 - 2012-08-03 12:59 PM Re: list of last several logged in users [Re: ShaneEP]
BradV Offline
Seasoned Scripter
****

Registered: 2006-08-16
Posts: 687
Loc: Maryland, USA
Interesting. I looked at Win32_NetworkLoginProfile Class and scripted a result for all the properties. For LastLogon I only get asterisks. I wonder if that is because I'm not in the domain admins group? The Parameters property was interesting. Even though it is listed as a string property, I got back non-printable characters.

Thanks for the insight guys! \:\)
Top
#205525 - 2012-08-03 02:40 PM Re: list of last several logged in users [Re: BradV]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1896
Loc: Hilversum, The Netherlands
Well, just to be complete, here are all the properties:
 Code:

$strComputer = "."
$objWMIService = GetObject("winmgmts:\\" + $strComputer + "\root\CIMV2")
$colItems = $objWMIService.ExecQuery("Select * from Win32_NetworkLoginProfile",,48)
For Each $objItem in $colItems
  "AccountExpires: " + $objItem.AccountExpires ?
  "AuthorizationFlags: " + $objItem.AuthorizationFlags ?
  "BadPasswordCount: " + $objItem.BadPasswordCount ?
  "Caption: " + $objItem.Caption ?
  "CodePage: " + $objItem.CodePage ?
  "Comment: " + $objItem.Comment ?
  "CountryCode: " + $objItem.CountryCode ?
  "Description: " + $objItem.Description ?
  "Flags: " + $objItem.Flags ?
  "FullName: " + $objItem.FullName ?
  "HomeDirectory: " + $objItem.HomeDirectory ?
  "HomeDirectoryDrive: " + $objItem.HomeDirectoryDrive ?
  "LastLogoff: " + $objItem.LastLogoff ?
  "LastLogon: " + $objItem.LastLogon ?
  "LogonHours: " + $objItem.LogonHours ?
  "LogonServer: " + $objItem.LogonServer ?
  "MaximumStorage: " + $objItem.MaximumStorage ?
  "Name: " + $objItem.Name ?
  "NumberOfLogons: " + $objItem.NumberOfLogons ?
  "Parameters: " + $objItem.Parameters ?
  "PasswordAge: " + $objItem.PasswordAge ?
  "PasswordExpires: " + $objItem.PasswordExpires ?
  "PrimaryGroupId: " + $objItem.PrimaryGroupId ?
  "Privileges: " + $objItem.Privileges ?
  "Profile: " + $objItem.Profile ?
  "ScriptPath: " + $objItem.ScriptPath ?
  "SettingID: " + $objItem.SettingID ?
  "UnitsPerWeek: " + $objItem.UnitsPerWeek ?
  "UserComment: " + $objItem.UserComment ?
  "UserId: " + $objItem.UserId ?
  "UserType: " + $objItem.UserType ?
  "Workstations: " + $objItem.Workstations ?
  ?
Next

LastLogOff displays all asterisks, probably because that isn't set to be logged.
LastLogin however can be converted using the Integer8Date UDF.
Top
#205528 - 2012-08-03 06:11 PM Re: list of last several logged in users [Re: Arend_]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2127
Loc: Tulsa, OK
The code I posted above also parses the lastlogin value.
Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 793 anonymous users online.
details
Newest Members
M_Moore, BeeEm, min_seow, Audio, Hoschi
17883 Registered Users
My Cookies · Mark all read Powered by UBB.threads™ Contact Us · KiXtart.org website · Top

Generated in 0.126 seconds in which 0.068 seconds were spent on a total of 13 queries. Zlib compression enabled.
Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org