Sign in to follow this  
Followers 0
Wolfteeth

How to check logon user client information remotely?

1 post in this topic

#1 ·  Posted (edited)

How to check logon user client information remotely?

my previous idea is to check the remote event message on Win32_NTEventLog for Security.

normaly, we can just check the message info.

e.g. SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Application' where Eventcod ='4624'

then for each $objitem in the instance list to check stringinstr($objitem, "Logon Type: 10"),

however, to use WMI to get the eventlog is a quite big loading on the security logfile, because of security log will append itself while accessing per each time., the performance will be quite worse and worst.

besides, I tried to Select * from Win32_logonsession where logontype='10', however, this cannot get user name but just a unknown logonid....

so, is there anyway can help to query the information quickly and so that I can get the logon use's workstaion name, IP address etc..

Simple to say, I want to know who logon the remote machine and from where.

Edited by Wolfteeth

Share this post


Link to post
Share on other sites



Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0