Get a list of who logged in to each server


If you just want the profile list, PowerShell is probably your best bet.

$Server = 'RemoteServer'
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Server)

This will instantiate $reg as a holder for the remote registry object in HKLM. To get at the bit you want:

$ProfileList = $Reg.OpenSubKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList')

This will populate $ProfileList with the subkeys for the profiles themselves. Then to extract the list of users:

Write-Host "`n${Server}: " -nonewline
# Each profile is a subkey of ProfileList named after the user's SID
ForEach ($SID in $ProfileList.GetSubKeyNames()) {
    $ProfileKey = $ProfileList.OpenSubKey($SID)
    # Get the ProfileImagePath value
    $ProfilePath = $ProfileKey.GetValue("ProfileImagePath")
    # Break the path up into an array, using \ as the delimiter
    $PathBits = $ProfilePath.Split("\")
    # The last element of the array is our user, find the last element
    $LastIndex = $PathBits.Count - 1
    # Dump the last element to something useful
    $User = $PathBits[$LastIndex]
    # Output the user
    write-host " $User" -nonewline
}

Or something close to that. It's off the top of my head.
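The same ProfileList lookup run across several servers, as an added example that is not part of the original answer. It goes a little further than the answer by skipping built-in service profiles, resolving each SID to an account name, and reporting unreachable servers. The function name Get-ServerProfileUsers and the server names are hypothetical, and it assumes the Remote Registry service is running on each target.

```powershell
# Added example; Get-ServerProfileUsers and the server names are illustrative.
function Get-ServerProfileUsers {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)

    $keyPath = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    foreach ($server in $ComputerName) {
        $reg = $null
        try {
            # Needs the Remote Registry service on the target and admin rights there
            $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $server)
            $profileList = $reg.OpenSubKey($keyPath)
            if ($null -eq $profileList) { throw 'ProfileList key not found' }

            $users = foreach ($sid in $profileList.GetSubKeyNames()) {
                # Keep account SIDs only; this skips SYSTEM, LOCAL SERVICE and similar
                if ($sid -notlike 'S-1-5-21-*') { continue }
                try {
                    # Translation happens on the machine running the script,
                    # so domain accounts resolve to DOMAIN\user
                    $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
                    $id.Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    # Deleted accounts, the remote server's local accounts and
                    # malformed key names: fall back to the profile folder name
                    $path = $profileList.OpenSubKey($sid).GetValue('ProfileImagePath')
                    if ($path) { Split-Path -Path $path -Leaf } else { $sid }
                }
            }
            '{0}: {1}' -f $server, (($users | Sort-Object -Unique) -join ', ')
        } catch {
            # Unreachable host, access denied, or service stopped
            '{0}: ERROR - {1}' -f $server, $_.Exception.Message
        } finally {
            if ($reg) { $reg.Close() }
        }
    }
}

Get-ServerProfileUsers -ComputerName 'SERVER01', 'SERVER02'
```

A profile key only shows that a profile was created on the server at some point; it carries no logon time, and accounts that never loaded a profile there will not appear.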


Author: ablackhat

Updated on September 17, 2022

Comments

  • ablackhat
    ablackhat about 1 year

    I am looking for a way to query Active Directory or SMS or something so I can get a list of users who have logged into a Windows server for several servers. It would be like checking the lastlog file on Linux. I don't need the time or anything else except the user name.

    Something with an output as simple as: SERVERNAME: shatnerw, nimoyl, kelleyd,

    Any input on this would be great. Even if it's "use this function in VB script".

    Thanks, ablackhat

    Edit: So far I have found the info is in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. It has the guid which is fine. Now I need to figure out a way to query that remotely.

    • ablackhat
      ablackhat almost 13 years
      All of them. Active Directory 2003, but the servers are 2000 through 2008R2. Even if I had to use different processes for each type that would be fine, I simply don't know where to begin and my google-fu is weak today.