If there were an easy way to guarantee it I would have just pointed at that. Since there isn't, I wanted to know how accurate the info needs to be so you can determine how much work you are willing to do.
I wouldn't guarantee that info as accurate no. The user's PC could somehow be unavailable for a moment or blocking you from querying it and users don't always register a messenger record for users logged onto the machine. For instance, if I look at the name table for the machine I am currently logged on typing this message, I have no messenger record for me. Most likely I was logged in someplace else and the name collided so I wasn't able to register it. Additionally someone could have hibernated for the moment you tried to reach out to their PC or they could have unplugged or the wireless dropped or any number of things. How do you treat a machine you can't A) Can't resolve B) Can't contact (firewall or very very busy or ???) C) Get to respond to a NetBIOS name table request? The only way approaching any kind of guaranteed way would be to place a positively secure client probably running at the driver level on every machine you care about and have it monitoring who is logged on (in all sessions, because what about RCMD or psexec or telnet, etc), when the machine is functioning on the network, etc. Basically to get something that would legally stand up in court, it is very very very tough to get that info and have any sort of guarantee behind it. To get a rough guess at what you have, your idea will work, a logon script that registers info somewhere will work, etc. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb Sent: Wednesday, November 23, 2005 4:17 PM To: [email protected] Subject: RE: [ActiveDir] Proving a User is logged on to the domain joe, I'm surprised at such a Techocrat as you missing that. Of all people! ;-) I would expect you to respond to your own question from like say somebody else as follows; <joe> "Information is like pregnancy, it's either true (hence accurate) or it's false. It can't be anything else. It's either accurate or not." Just playing with you boss (YMYMYM). "Yes sir!, I need the information to be accurate, to answer your question." I suppose I could rely on my NBTSTAT query. [1] I monitor the logs. [2] I see the User logged on to PCx [3] I ping PCx and get its IP address [4] I run "nbtstat -A IPAddressOfPCx [5] NBTSTAT reports the Netbios name of the PC >AND< who is logged on. Would you state that to be accurate? Thanks for responding. Happy Thanksgiving. RH ______________________________________ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of joe Sent: Wednesday, November 23, 2005 3:55 PM To: [email protected] Subject: RE: [ActiveDir] Proving a User is logged on to the domain Lots of suggestions on how to do this but the first thought that came to my mind was how strongly do you have to guarantee the accuracy of your information? Finding out when someone logged on is an audit item, you enable auditing and collect the logs. Proving that someone is STILL logged on and active is tougher. User could be hibernated or had their machine unplugged or any number of things. So you have to go back to their machine and actually have it tell you if the user is logged on. That is much more involved than the auditing and auditing is not the really all that easy if you have a lot of DCs or a lot of events. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb Sent: Wednesday, November 23, 2005 9:35 AM To: [email protected] Subject: [ActiveDir] Proving a User is logged on to the domain Gentlemen, Is there a preferred and/or easy way to prove that a User has logged on to the Domain and is currently operating (ie: able to access resources)? The question is not whether he can get to a resource or not, but only that he has successfully logged in to a domain from some computer and is considered live on the Domain? I have not been able to figure that out yet. By the way, Happy Thanksgiving to all this day!! Thanks. RH _____________________________ Rocky Habeeb Microsoft Systems Administrator James W. Sewall Company Old Town, Maine Voice: 207.827.4456 Ext. 387 Email: [EMAIL PROTECTED] www.jws.com _____________________________ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
