Get a list of who logged in to each server
If you just want the profile list, PowerShell is probably your best bet.
$Server = 'RemoteServer'
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Server)
This will instantiate $reg as a holder for the remote registry object in HKLM. To get at the bit you want:
$ProfileList = $Reg.OpenSubKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList')
This will populate $ProfileList with the subkeys for the profiles themselves. Then to extract the list of users:
Write-Host "`n$Server: " -nonewline
ForEach ($SID in $ProfileList.GetValueNames()) {
$ProfileKey = $ProfileList.OpenSubKey($SID)
# Get the ProfileImagePath key
$ProfileKey.GetValue("ProfileImagePath")
# Break the path up into an array, using \ as the delimiter
$PathBits = $ProfileKey.Split("\")
# The last element of the array is our user, find the last element
$LastIndex = $PathBits.Count - 1
# Dump the last element to something useful
$User = $PathBits[$LastIndex]
# Output the user
write-host " $User" -nonewline
}
Or something close to that. It's off the top of my head.
Related videos on Youtube
ablackhat
Updated on September 17, 2022Comments
-
ablackhat about 1 year
I am looking for a way to query Active Directory or SMS or something so I can get a list of users who have logged into a Windows server for several servers. It would be like checking the lastlog file on Linux. I don't need the time or anything else except the user name.
Something with an output as simple as: SERVERNAME: shatnerw, nimoyl, kelleyd,
Any input on this would be great. Even if it's "use this function in VB script".
Thanks, ablackhat
Edit: So far I have found the info is in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. It has the guid which is fine. Now I need to figure out a way to query that remotely.
-
ablackhat almost 13 yearsAll of them. Active Directory 2003, but the servers are 2000 through 2008R2. Even if I had to use different processes for each type that would be fine, I simply don't know where to begin and my google-fu is weak today.
-