perl-win32-users-boun...@listserv.activestate.com wrote on 06/04/2012 03:00:03 PM: > I have a need to determine which client machine a given user (or all > users) has logged into the domain from. > > I'm willing to back into it by starting with all client machines. I'm
If you can access via WMI, there is a mib Win32_SystemUsers that is helpful. I'm including some code from another project. Build @Hosts with the client machines. This just outputs the data in tab delimited format (this was just for a dozen machines and that made sense) but throwing into a DB for queries might make sense. Sample output: host user domain Fred Guest Fred Fred Administrator Fred Fred pingsweep Fred Fred SUPPORT_388945a0 Fred Fred Bob AD Fred Alice AD Fred Chuck AD Fred Dave AD That is, Administrator logged into the machine Fred locally, user Bob logged into the machine from the domain, etc. This is answering the question of "to". On the other hand, if you are really asking the question "from", you have to go to the event logs; there, you can get if a login was local or via the network. The problem, of course, is that it is very transitory; on machine B you can find out that person logged in from machine A, but then you have to go back to see who logged into A at that time. print join( "\t", 'host', 'user', 'domain' ), "\n"; foreach my $server (@Hosts) { warn "Connecting to $server\n"; my $locatorObj = Win32::OLE->new('WbemScripting.SWbemLocator') || die "Error creating locator object: " . Win32::OLE->LastError() . "\n"; $locatorObj->{Security_}->{impersonationlevel} = 3; my $serverObj = $locatorObj->ConnectServer( # connect to WMI server $server, # on this host '\root\cimv2', # this namespace $opts{'u'}, # user $opts{'p'} ) # password || die "Error connecting to $server: " . Win32::OLE->LastError() . "\n"; warn "Connected.\n"; my $users = 0; foreach my $obj ( in $serverObj->InstancesOf('Win32_SystemUsers') ) { $users++; my $group = $obj->{GroupComponent}; my $part = $obj->{PartComponent}; my $host = pullRefs($group); my $user = pullRefs($part); my ( $tmp, $subpart ) = split( /,/, $part ); my $domain = pullRefs($subpart); print join( "\t", $host, $user, $domain ), "\n"; } warn "$users users found.\n"; } ## end foreach my $server (@Hosts) sub pullRefs { my $str = shift; my $tmp; my $rv; ( $tmp, $rv, $tmp ) = split( /\"/, $str ); return $rv; } -- Dr. Robert "Woody" Weaver GBS Cybersecurity & Privacy IT Security Architect Cell: 301-524-8138 -- "Anything else you wish to draw to my attention, Mr. Holmes ?" "The curious incident of the stable dog in the nighttime." "But the dog did nothing in the nighttime." "That was the curious incident." -- A. Conan Doyle, "Silver Blaze"
_______________________________________________ Perl-Win32-Users mailing list Perl-Win32-Users@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs