User Login history report
Need some help here please. I am in need of a report that will tell me which computers a specific user has logged into over a certain period of time. The range of dates to look at is variable, but typically about a 30 day time frame. Any help would be greatly appreciated. Thanks
0 Comments
[ + ] Show comments
Answers (2)
Please log in to answer
Posted by:
dchristian
12 years ago
I did something like this in powershell.
From a high level try parsing the Winlogon log.
This will give you all the info you need.
Save your results to a text file, and use custom inventory to tie it all together.
From a high level try parsing the Winlogon log.
This will give you all the info you need.
Save your results to a text file, and use custom inventory to tie it all together.
Posted by:
steelc
12 years ago
Since the Kace reports don't allow for entering a variable before the report is run, I created a webpage that I can pass a username to get this data. The SQL query follows:
SELECT ASSET_HISTORY.ASSET_ID AS ASSET_ID,
ASSET.NAME AS ASSET_NAME,
MACHINE.NAME AS MACHINE_NAME,
ASSET_HISTORY.TIME AS TIME,
ASSET_HISTORY.DESCRIPTION AS DESCRIPTION
FROM ASSET_HISTORY
LEFT JOIN ASSET ON ASSET.ID = ASSET_HISTORY.ASSET_ID
LEFT JOIN MACHINE ON MACHINE.ID = ASSET.MAPPED_ID
WHERE DESCRIPTION LIKE
<cfqueryparam value="%User Logged changed from '%' to '#URL.user#'%" cfsqltype="cf_sql_clob" maxlength="255">
ORDER BY TIME DESC
As you can see, I'm using ColdFusion for the page.
To create a SQL report you could use the same code and then change the cfqueryparam statement to just be the username you're looking for so:
WHERE DESCRIPTION LIKE "%User Logged changed from '%' to 'username'%"
The wildcards at the beginning and end are necessary because the statement may be amongst others in the audit history.
SELECT ASSET_HISTORY.ASSET_ID AS ASSET_ID,
ASSET.NAME AS ASSET_NAME,
MACHINE.NAME AS MACHINE_NAME,
ASSET_HISTORY.TIME AS TIME,
ASSET_HISTORY.DESCRIPTION AS DESCRIPTION
FROM ASSET_HISTORY
LEFT JOIN ASSET ON ASSET.ID = ASSET_HISTORY.ASSET_ID
LEFT JOIN MACHINE ON MACHINE.ID = ASSET.MAPPED_ID
WHERE DESCRIPTION LIKE
<cfqueryparam value="%User Logged changed from '%' to '#URL.user#'%" cfsqltype="cf_sql_clob" maxlength="255">
ORDER BY TIME DESC
As you can see, I'm using ColdFusion for the page.
To create a SQL report you could use the same code and then change the cfqueryparam statement to just be the username you're looking for so:
WHERE DESCRIPTION LIKE "%User Logged changed from '%' to 'username'%"
The wildcards at the beginning and end are necessary because the statement may be amongst others in the audit history.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.