WMI

Hi everyone,

I'm starting to using (WMI) I downloaded the WMI code creator and
scriptomatic and I used the Win32_UserAccount, but this doesn't give me the
last time that they logged on?

I'm starting going crazy with this...

For example I also nee to get software installed on those servers, again I
used scriptomatic to create a script with Win32_Product, guess what?? Not all
installed software is returned? Why? I did a test on a server with SQL
installed and the SQL wasn't listed?

Thank you all.

Anyone with WMI script solution for this?

"Jmnts" wrote:

> Hi everyone,
>
> I'm starting to using (WMI) I downloaded the WMI code creator and
> scriptomatic and I used the Win32_UserAccount, but this doesn't give me the
> last time that they logged on?
>
> I'm starting going crazy with this...
>
> For example I also nee to get software installed on those servers, again I
> used scriptomatic to create a script with Win32_Product, guess what?? Not all
> installed software is returned? Why? I did a test on a server with SQL
> installed and the SQL wasn't listed?
>
> Thank you all.
>

Instances of Win32_Product represent software that have been installed via
Windows Installer (which does not necessarily correspond to all locally
installed programs). While I'd expect MS SQL Server to fall in this
category, I'm not sure which property you were checking, which version of
SQL Server you are referring to, and how you installed it.
As far as the last logon time, none of the properties of Win32_UserAccount
class contain the info you are looking for. One way to get an estimate
(although this is likely give you the logoff - rather than logon - time, is
to check the date of locally cached profiles). The following script will
give you this info:

On Error Resume Next

Const HKEY_LOCAL_MACHINE = &H80000002
sPCName = "Target_computer"
sValueName = "ProfileImagePath"

Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oRegistry = GetObject("winmgmts:\\" & sPCName &
"\root\default:StdRegProv")
sKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
oRegistry.EnumKey HKEY_LOCAL_MACHINE, sKeyPath, aSubkeys

For Each oSubkey In aSubkeys

sSubPath = sKeyPath & "\" & oSubkey
oRegistry.GetExpandedStringValue HKEY_LOCAL_MACHINE, sSubPath, sValueName,
sValue
sProfileName = Right(sValue, Len(sValue) - InStrRev(sValue, "\"))

Set oFolder = oFSO.GetFolder("\\" & sPCName & "\" & Replace(sValue, ":",
"$", 1))
sModifiedDate = oFolder.DateLastModified
WScript.Echo sValue & vbTab & sProfileName & vbTab & sModifiedDate

Next

Alternatively, you might be able to lookup this info in Active Directory
(assuming that you are referring to domain accounts)...

hth
Marcin

"Jmnts" <> wrote in message
news:39EC680A-2D1B-47C6-AF41-...
> Hi everyone,
>
> I'm starting to using (WMI) I downloaded the WMI code creator and
> scriptomatic and I used the Win32_UserAccount, but this doesn't give me
> the
> last time that they logged on?
>
> I'm starting going crazy with this...
>
> For example I also nee to get software installed on those servers, again I
> used scriptomatic to create a script with Win32_Product, guess what?? Not
> all
> installed software is returned? Why? I did a test on a server with SQL
> installed and the SQL wasn't listed?
>
> Thank you all.
>

"Jmnts" <> wrote in message
news:39EC680A-2D1B-47C6-AF41-...
> Hi everyone,
>
> I'm starting to using (WMI) I downloaded the WMI code creator and
> scriptomatic and I used the Win32_UserAccount, but this doesn't give me
> the
> last time that they logged on?
>
> I'm starting going crazy with this...
>
> For example I also nee to get software installed on those servers, again I
> used scriptomatic to create a script with Win32_Product, guess what?? Not
> all
> installed software is returned? Why? I did a test on a server with SQL
> installed and the SQL wasn't listed?
>
> Thank you all.
>

To find the last time users logged into the domain you must query AD. I have
example VBScript programs linked here:

http://www.rlmueller.net/Last%20Logon.htm

Use LastLogonTimeStamp.vbs if your domain is at Windows Server 2003
functional level. Otherwise you can always use LastLogon.vbs.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Richard Mueller [MVP]" <rlmueller-> wrote in
message news:eRS$ld$...
>
> "Jmnts" <> wrote in message
> news:39EC680A-2D1B-47C6-AF41-...
>> Hi everyone,
>>
>> I'm starting to using (WMI) I downloaded the WMI code creator and
>> scriptomatic and I used the Win32_UserAccount, but this doesn't give me
>> the
>> last time that they logged on?
>>
>> I'm starting going crazy with this...
>>
>> For example I also nee to get software installed on those servers, again
>> I
>> used scriptomatic to create a script with Win32_Product, guess what?? Not
>> all
>> installed software is returned? Why? I did a test on a server with SQL
>> installed and the SQL wasn't listed?
>>
>> Thank you all.
>>
>
> To find the last time users logged into the domain you must query AD. I
> have example VBScript programs linked here:
>
> http://www.rlmueller.net/Last%20Logon.htm
>
> Use LastLogonTimeStamp.vbs if your domain is at Windows Server 2003
> functional level. Otherwise you can always use LastLogon.vbs.

I think what he wants is the user's last logon on that particular
workstation, not the user's last logon anywhere in the domain.

/Al

Good cmd line util

www.OptimumX.com
:/>netusers \\machinename /h


That or regarding WMI, enumerate the ProfileImagePath found under
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList", then pass
that to a function to using Win32_OperatingSystem to get the LastModified
date of the ntuser.dat.


"Al Dunbar" wrote:

>
> "Richard Mueller [MVP]" <rlmueller-> wrote in
> message news:eRS$ld$...
> >
> > "Jmnts" <> wrote in message
> > news:39EC680A-2D1B-47C6-AF41-...
> >> Hi everyone,
> >>
> >> I'm starting to using (WMI) I downloaded the WMI code creator and
> >> scriptomatic and I used the Win32_UserAccount, but this doesn't give me
> >> the
> >> last time that they logged on?
> >>
> >> I'm starting going crazy with this...
> >>
> >> For example I also nee to get software installed on those servers, again
> >> I
> >> used scriptomatic to create a script with Win32_Product, guess what?? Not
> >> all
> >> installed software is returned? Why? I did a test on a server with SQL
> >> installed and the SQL wasn't listed?
> >>
> >> Thank you all.
> >>
> >
> > To find the last time users logged into the domain you must query AD. I
> > have example VBScript programs linked here:
> >
> > http://www.rlmueller.net/Last%20Logon.htm
> >
> > Use LastLogonTimeStamp.vbs if your domain is at Windows Server 2003
> > functional level. Otherwise you can always use LastLogon.vbs.
>
> I think what he wants is the user's last logon on that particular
> workstation, not the user's last logon anywhere in the domain.
>
> /Al
>
>
>

Well shoot, if I'd of read Marcin's replay... that's it

"Al Dunbar" wrote:

>
> "Richard Mueller [MVP]" <rlmueller-> wrote in
> message news:eRS$ld$...
> >
> > "Jmnts" <> wrote in message
> > news:39EC680A-2D1B-47C6-AF41-...
> >> Hi everyone,
> >>
> >> I'm starting to using (WMI) I downloaded the WMI code creator and
> >> scriptomatic and I used the Win32_UserAccount, but this doesn't give me
> >> the
> >> last time that they logged on?
> >>
> >> I'm starting going crazy with this...
> >>
> >> For example I also nee to get software installed on those servers, again
> >> I
> >> used scriptomatic to create a script with Win32_Product, guess what?? Not
> >> all
> >> installed software is returned? Why? I did a test on a server with SQL
> >> installed and the SQL wasn't listed?
> >>
> >> Thank you all.
> >>
> >
> > To find the last time users logged into the domain you must query AD. I
> > have example VBScript programs linked here:
> >
> > http://www.rlmueller.net/Last%20Logon.htm
> >
> > Use LastLogonTimeStamp.vbs if your domain is at Windows Server 2003
> > functional level. Otherwise you can always use LastLogon.vbs.
>
> I think what he wants is the user's last logon on that particular
> workstation, not the user's last logon anywhere in the domain.
>
> /Al
>
>
>

I everyone, first of all let me thank you forall responses.

I Richard, in fact I need a script that I should run against several servers
(member servers and not DCs) and check who logged in that server and when was
the last time that they did that (I need to check this for local accounts and
domain accounts)

For example:
JSmith - Last Logon 10-10-2008
Domain\Bill - LastLogon 11-10-2008
etc....


Hi Martin,

I tried your script and it works, however the last logon dates are NOT
correct, I think that getting the profile lastlogon using the changed date of
the profile won't work vedry well.


Thank you all.

The WMI Win32_UserAccount class is not appropriate here. It would be
inefficient to access domain accounts with it, and it exposes very few
attributes. For example lastLogon is not exposed. It is used mostly for
limited purposes for local accounts.

Local accounts are stored in the SAM account database on the local computer
(whether member server, DC, domain joined client, or standalone
workstation). You use the WinNT provider to access information on local user
objects. Domain users are stored in Active Directory, a distributed
database. In most cases you use the LDAP provider and connect to the first
(nearest) Domain Controller that responds to your request. Most information
is identical no matter which DC is contacted. One of the exceptions is the
lastLogon attribute, which is not replicated.

To retrieve lastLogin for all local users in a computer (member server or
whatever) the code could be:
=====
Option Explicit
Dim strComputer, objComputer, objUser, dtmLastLogin

' Specify the computer.
' This can be remote (if you have permissions).
strComputer = "MyServer"

' Bind to the computer object.
Set objComputer = GetObject("WinNT://" & strComputer)

' Filter on objects of class user.
objComputer.Filter = Array("user")

' Enumerate all local users.
For Each objUser In objComputer
On Error Resume Next
dtmLastLogin = objUser.lastLogin
If (Err.Number <> 0) Then
On Error GoTo 0
dtmLastLogin = "Never"
End If
On Error GoTo 0
Wscript.Echo objUser.Name & "; " & dtmLastLogin
Next
========
Note the WinNT provider exposes the attribute with the name lastLogin, not
lastLogon. Also, there is no issue like replication to complicate the
situation, and the value is a date/time (so no conversion is required). The
only quirk is that an error is raised if the user has never logged in. This
error is trapped and handled in my example above.

For domain accounts it is best to use ADO to retrieve the names of all users
and the value of either lastLogon or (if the domain is at Windows Server
2003 functional level) lastLogonTimeStamp. Both attributes are Integer8 (a
64-bit number representing a date) so they must be converted to a date/time
in the current time zone (or left in UTC). Also, the lastLogon attribute is
not replicated, so you must specifically query every DC in the domain to get
the largest (latest) value for each user. I previously linked example
VBScript programs to retrieve lastLogon or lastLogonTimeStamp for all users
in the domain.

It makes little sense to code a program to retrieve values for both local
and domain users. The information on domain users would be identical on
every computer (such as member servers). A more important concept is that AD
does not know or save any information on which domain users login to which
computers. AD knows nothing of local users. The local SAM account database
knows nothing about domain users. You might attempt to determine which
domain users have logged into a computer by searching local profiles, but on
the newer clients you should not have permission to view this information.

If you need to know which users login to a computer (such as a member
server), one solution would be a logon script that logs computer name, user
name, and date/time to a shared log file. I have an example linked here:

http://www.rlmueller.net/Logon5.htm

This would only apply to domain users, but a similar local logon script
could be written. Another issue is that perhaps you should not allow users
(except the Administrator user) to login locally to a member server.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Jmnts" <> wrote in message
news:015C0CEB-DC64-4821-BAB0-...
>I everyone, first of all let me thank you forall responses.
>
> I Richard, in fact I need a script that I should run against several
> servers
> (member servers and not DCs) and check who logged in that server and when
> was
> the last time that they did that (I need to check this for local accounts
> and
> domain accounts)
>
> For example:
> JSmith - Last Logon 10-10-2008
> Domain\Bill - LastLogon 11-10-2008
> etc....
>
>
> Hi Martin,
>
> I tried your script and it works, however the last logon dates are NOT
> correct, I think that getting the profile lastlogon using the changed date
> of
> the profile won't work vedry well.
>
>
> Thank you all.
>