perl-win32-users-boun...@listserv.activestate.com wrote on 06/04/2012 03:00:03 PM:
> I have a need to determine which client machine a given user (or all
> users) has logged into the domain from.
> 
> I'm willing to back into it by starting with all client machines. I'm

If you can access via WMI, there is a mib Win32_SystemUsers that is 
helpful.  I'm including some code from another project.  Build @Hosts with 
the client machines.  This just outputs the data in tab-delimited format 
(this was just for a dozen machines and that made sense) but throwing it 
into a DB for queries might make sense.

Sample output:
host    user    domain
Fred    Guest   Fred
Fred    Administrator   Fred
Fred    pingsweep       Fred
Fred    SUPPORT_388945a0        Fred
Fred    Bob     AD
Fred    Alice   AD
Fred    Chuck   AD
Fred    Dave    AD

That is, Administrator logged into the machine Fred locally, user Bob 
logged into the machine from the domain, etc.  This is answering the 
question of "to".

On the other hand, if you are really asking the question "from", you have 
to go to the event logs; there, you can get whether a login was local or 
via the network.  The problem, of course, is that it is very transitory; on 
machine B you can find out that a person logged in from machine A, but then 
you have to go back to see who logged into A at that time.

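use strict;
use warnings;
use Getopt::Std;
use Win32::OLE qw(in);    # in() iterates over OLE collections

# Assumed setup (not in the original fragment): -u user, -p password,
# remaining arguments are the client machines to query.
my %opts;
getopts( 'u:p:', \%opts );
my @Hosts = @ARGV;

print join( "\t", 'host', 'user', 'domain' ), "\n";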
foreach my $server (@Hosts) {
  warn "Connecting to $server\n";
  my $locatorObj = Win32::OLE->new('WbemScripting.SWbemLocator')
    || die "Error creating locator object: "
    . Win32::OLE->LastError() . "\n";
  # 3 = wbemImpersonationLevelImpersonate
  $locatorObj->{Security_}->{impersonationlevel} = 3;
  my $serverObj = $locatorObj->ConnectServer(    # connect to WMI server
    $server,                                     # on this host
    '\root\cimv2',                               # this namespace
    $opts{'u'},                                  # user
    $opts{'p'}                                   # password
    )
    || die "Error connecting to $server: "
    . Win32::OLE->LastError() . "\n";
  warn "Connected.\n";
  my $users = 0;
  foreach my $obj ( in $serverObj->InstancesOf('Win32_SystemUsers') ) {
    $users++;
    my $group = $obj->{GroupComponent};
    my $part  = $obj->{PartComponent};
    my $host  = pullRefs($group);
    my $user  = pullRefs($part);
    my ( $tmp, $subpart ) = split( /,/, $part );
    my $domain = pullRefs($subpart);
    print join( "\t", $host, $user, $domain ), "\n";
  }
  warn "$users users found.\n";
} ## end foreach my $server (@Hosts)

# Return the first double-quoted value in a WMI object-path string.
sub pullRefs {
  my $str = shift;
  my $tmp;
  my $rv;
  ( $tmp, $rv, $tmp ) = split( /\"/, $str );
  return $rv;
}

-- 
Dr. Robert "Woody" Weaver
GBS Cybersecurity & Privacy
IT Security Architect
Cell: 301-524-8138

-- 
"Anything else you wish to draw to my attention, Mr. Holmes ?"
"The curious incident of the stable dog in the nighttime."
"But the dog did nothing in the nighttime."
"That was the curious incident."
-- A. Conan Doyle, "Silver Blaze"
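
The hop-by-hop tracing described in the message, as an added example that is not part of the original post: it walks constructed logon records back from machine to machine until it reaches a local logon. The record fields and helper names are hypothetical, and taking the latest earlier logon on the source machine as the previous hop is a simplifying assumption.

```perl
use strict;
use warnings;

# Constructed sample logon records (not real log data). Field names are
# hypothetical; in practice they would be parsed from each host's event log.
# type: 'local' = at the console, 'network' = arrived from host 'src'.
my @logons = (
  { host => 'A', user => 'Alice', type => 'local',   src => '',  time => 100 },
  { host => 'B', user => 'Bob',   type => 'network', src => 'A', time => 130 },
  { host => 'C', user => 'Chuck', type => 'network', src => 'B', time => 150 },
  { host => 'A', user => 'Dave',  type => 'local',   src => '',  time => 400 },
);

# Most recent logon onto $host at or before $time, or undef if none is known.
# Assumption: the latest earlier logon is the one that made the next hop; with
# several users on a host at once, every earlier logon is a candidate.
sub last_logon_before {
  my ( $host, $time ) = @_;
  my ($best) = sort { $b->{time} <=> $a->{time} }
    grep { lc( $_->{host} ) eq lc($host) && $_->{time} <= $time } @logons;
  return $best;
}

# Walk a network logon back hop by hop until a local logon (the origin) or a
# gap in the collected logs. %seen guards against loops in the data.
sub trace_origin {
  my ($rec) = @_;
  my @chain = ($rec);
  my %seen;
  while ( $rec->{type} eq 'network' ) {
    last if $seen{ lc( $rec->{src} ) }++;
    my $prev = last_logon_before( $rec->{src}, $rec->{time} );
    last unless $prev;    # no logs for the source host: the chain ends here
    push @chain, $prev;
    $rec = $prev;
  }
  return @chain;
}

# Trace the logon seen on C back to where it started.
print join( "\t", 'host', 'user', 'type', 'time' ), "\n";
for my $hop ( trace_origin( $logons[2] ) ) {
  printf "%s\t%s\t%s\t%s\n", @{$hop}{qw(host user type time)};
}
```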

