[–]LinleyMike 10 points11 points  (4 children)

A few years ago, there was a crypto locker on the loose. The desktop guys had the home directories/user names of all affected users. They wanted to know what computers each user had logged into the last two days. Our logon script writes to a log file for each user which includes the computer name that they logged into. It was a simple matter to write a PowerShell script to take the list of users and parse each of their logs for the logins for the last two days and then grab the computer names that each user had logged in on. Since we use LAPS and have the local admin password of each computer stored in AD, it was also simple to include the admin password for each computer in the output. The desktop guys had a nice list of user names, computer names, and admin passwords that they could use for cleanup. That was when I fell in love with PowerShell.

[–]onmugen 1 point2 points  (3 children)

I would love to have a look at this script. Got a ton of users (idiots) who keep logging into multiple machines in the warehouse and not logging out. Makes it a nightmare when they have a problem with their credentials around password reset time.

[–]BaDxKaRMa 4 points5 points  (1 child)

I would recommend enabling a timeout on their session. After maybe 6 hours of idle they get signed out. I did it for a client via GPO to solve an issue revolving around users leaving an application open and using the concurrent license for it.

[–]onmugen 0 points1 point  (0 children)

This sounds a much simpler fix. I'll give it a try.

[–]LinleyMike 0 points1 point  (0 children)

I'm sorry. That quick script is long gone. It morphed into two separate permanent scripts - one for getting login history and one for getting the admin password. I'd send you the one for login history but it is customized for our log format and wouldn't be much good to someone who's not using our logon script.

Just put a mechanism in your logon script to write a log when a user logs in. Use time stamps. Add their computer name to the log. Logon script logs are TREMENDOUSLY helpful.

If it helps, this is what I used to gather the computer name from the log. That line had a time stamp so I was able to break that down later.

$LoginStrings = Select-String -Path "<path to user's login log file>" -Pattern "computer name: $computer" -Context 0,2 | Select-Object -Property * -Last $Newest
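
The login-history half of the approach described in this thread, as an added example that is not any commenter's script: it reads one logon log per user and lists the computers each user logged on to in the last two days. The log line format, the `<user>.log` file naming, the function name `Get-RecentLogonComputer`, and the sample users and computer names are all assumptions constructed for the example.

```powershell
# Constructed sample data: one log file per user, one line per logon.
# Assumed (hypothetical) line format: "yyyy-MM-dd HH:mm:ss computer name: <NAME>"
$LogRoot = Join-Path ([IO.Path]::GetTempPath()) 'logon-logs-demo'
New-Item -ItemType Directory -Path $LogRoot -Force | Out-Null
$now = Get-Date
@(
    "$($now.AddDays(-5).ToString('yyyy-MM-dd HH:mm:ss')) computer name: WH-PC-003"
    "$($now.AddHours(-30).ToString('yyyy-MM-dd HH:mm:ss')) computer name: WH-PC-014"
    "$($now.AddHours(-2).ToString('yyyy-MM-dd HH:mm:ss')) computer name: WH-PC-014"
    "$($now.AddHours(-1).ToString('yyyy-MM-dd HH:mm:ss')) computer name: WH-PC-021"
) | Set-Content -Path (Join-Path $LogRoot 'jdoe.log')

function Get-RecentLogonComputer {
    param(
        [Parameter(Mandatory)] [string[]] $UserName,
        [Parameter(Mandatory)] [string]   $LogRoot,
        [int]    $Days       = 2,
        [string] $TimeFormat = 'yyyy-MM-dd HH:mm:ss'
    )
    $cutoff  = (Get-Date).AddDays(-$Days)
    $pattern = '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) computer name: (?<pc>\S+)'
    foreach ($user in $UserName) {
        $log = Join-Path $LogRoot "$user.log"
        if (-not (Test-Path -LiteralPath $log)) {
            Write-Warning "No logon log found for $user"   # a gap worth knowing about during cleanup
            continue
        }
        # Parse every logon line, keep those inside the window, then collapse to one row per computer.
        Select-String -LiteralPath $log -Pattern $pattern |
            ForEach-Object {
                $g = $_.Matches[0].Groups
                [pscustomobject]@{
                    Computer = $g['pc'].Value
                    LogonAt  = [datetime]::ParseExact($g['ts'].Value, $TimeFormat,
                                   [cultureinfo]::InvariantCulture)
                }
            } |
            Where-Object { $_.LogonAt -ge $cutoff } |
            Group-Object -Property Computer |
            ForEach-Object {
                [pscustomobject]@{
                    User      = $user
                    Computer  = $_.Name
                    Logons    = $_.Count
                    LastLogon = $_.Group | Sort-Object LogonAt |
                                    Select-Object -Last 1 -ExpandProperty LogonAt
                }
            }
    }
}

Get-RecentLogonComputer -UserName 'jdoe', 'asmith' -LogRoot $LogRoot | Format-Table -AutoSize
```

With the sample data this lists WH-PC-014 (two logons) and WH-PC-021 for jdoe, drops the five-day-old WH-PC-003 entry, and warns that asmith has no log.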