Finding Recently Logged on Users
- From: becky <ladymcse2000@xxxxxxxxx>
- Date: Sun, 8 Jun 2008 00:48:53 -0700 (PDT)
I have several servers and I want to find the last dozen or so users
that logged in. I can query on event log ID 528 in the security log,
but I want to exclude the nt authority \ network service, nt authority
\ local service and nt authority \ system info from showing up. I
use the following WMI Query.:
"SELECT * FROM Win32_NTLogEvent WHERE LogFile = 'Security' AND " & _
"EventCode = 528 AND User <> 'NT Authority\\Network Service
The above excludes NT Authority \Network Service, but I'm not sure how
to query and exclude the other user ID's.
Of course if someone already has a better way of going about this,
feel I'm more than willing to try that.
.
- Prev by Date: Retrive the computer a user last logged on through
- Next by Date: Re: Retrive the computer a user last logged on through
- Previous by thread: Retrive the computer a user last logged on through
- Next by thread: I am trying to grasp the concept of the simple loop statement
- Index(es):
Relevant Pages
|
