Jose, I think what Jorge is saying is run this
reg query "\\servername\HKLM\software\microsoft\windows nt\currentversion\winlogon" /v defaultusername Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Medeiros, Jose Sent: Friday, May 06, 2005 7:42 AM To: Jorge de Almeida Pinto; [EMAIL PROTECTED]; [email protected] Subject: RE: [ActiveDir] Last Logon to a computer Hi Jorge, Thank you for the reply. I thought about dumping the event logs to a SQL data base and running a querry against the machine name, howevever we currently are not enabling succesful logon attempts. I guess I could always create a GPO and enable this security policy and apply it to the OU that we want to monitor, I just thought that there may be a simple command line tool to do this. Thanks again for the help! Jose :-) -----Original Message----- From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED] Sent: Thursday, May 05, 2005 3:24 PM To: Medeiros, Jose; '[EMAIL PROTECTED] '; '[email protected] ' Subject: RE: [ActiveDir] Last Logon to a computer Hi, To see who look at the security log of the server (auditing logon events must be enabled). To see who you can also look at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AltDefaultUserName #JORGE# -----Original Message----- From: [EMAIL PROTECTED] To: [email protected] Sent: 5/5/2005 6:54 PM Subject: [ActiveDir] Last Logon to a computer Greetings, Does any one know of a command, script or utility that will allow you to verify who was the last person to logon to a computer or server and when? ( I am not referring to using the " net user /dom username " command as that only specifies the last logon to a domain ) Thanks in advance! Jose Medeiros List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
