Wolfteeth Posted December 7, 2011 Posted December 7, 2011 (edited) How to check logon user client information remotely? my previous idea is to check the remote event message on Win32_NTEventLog for Security. normaly, we can just check the message info. e.g. SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Application' where Eventcod ='4624' then for each $objitem in the instance list to check stringinstr($objitem, "Logon Type: 10"), however, to use WMI to get the eventlog is a quite big loading on the security logfile, because of security log will append itself while accessing per each time., the performance will be quite worse and worst. besides, I tried to Select * from Win32_logonsession where logontype='10', however, this cannot get user name but just a unknown logonid.... so, is there anyway can help to query the information quickly and so that I can get the logon use's workstaion name, IP address etc.. Simple to say, I want to know who logon the remote machine and from where. Edited December 7, 2011 by Wolfteeth
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now