Thanks, that first one may be good enough. On Mon, Apr 6, 2009 at 2:34 PM, <[email protected]> wrote:
> See if the following does what you are looking for: > wmic netlogin get name,lastlogon > > You may also find this handy: > wmic netlogin get name,lastlogon,badpasswordcount > > > This information as well as other WMIC tips/tricks was featured in Episode > 141 - http://www.pauldotcom.com/wiki/index.php/Episode141 > > -- > byte_bucket > > > Well, this works in vista: > > wmic ntevent where "EventIdentifier = '4624' OR EventIdentifier='4634' > AND > > Logfile = 'Security'" GET Message,TimeGenerated /format:htable > > crap.html > > > > But it has so much extra data it's hard to read though. I'd just like to > > know about user logons, but this show system logons as well. > > > > Thanks, > > Adrian > > > > On Mon, Apr 6, 2009 at 11:57 AM, Nick Baronian <[email protected]> > > wrote: > > > >> If you don't mind, let me know if it works on Vista. I would like to > >> update my personal notes. > >> > >> > >> On Mon, Apr 6, 2009 at 10:13 AM, Adrian Crenshaw > >> <[email protected]>wrote: > >> > >>> Thanks, I'll give it a try. > >>> Adrian > >>> > >>> > >>> On Mon, Apr 6, 2009 at 9:57 AM, Nick Baronian > >>> <[email protected]>wrote: > >>> > >>>> I don't have access to a Vista machine right now and I believe they > >>>> changed the EventID numbers but a wmic query should still work. > >>>> > >>>> wmic ntevent where "EventIdentifier = '540' OR EventIdentifier ='528' > >>>> AND > >>>> Logfile = 'Security'" GET Message,TimeGenerated /format:htable > > >>>> users.html > >>>> > >>>> For Vista and 2k8, I think 528 is now be 4624 and 540 is now 4636. > >>>> You > >>>> might want to double check that. > >>>> > >>>> > >>>> > >>>> > >>>> On Mon, Apr 6, 2009 at 12:11 AM, Adrian Crenshaw > >>>> <[email protected]>wrote: > >>>> > >>>>> I just noticed the Windows Vista event log has changed a lot of stuff > >>>>> about how it logs logon events. The stuff I wrote way back when no > >>>>> longer > >>>>> works. Anyone know a way to get an easy to read list of > >>>>> logon/logoffs with > >>>>> the associated user names? Something like the *nix last command. > >>>>> > >>>>> Thanks, > >>>>> Adrian > >>>>> > >>>>> _______________________________________________ > >>>>> Pauldotcom mailing list > >>>>> [email protected] > >>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >>>>> Main Web Site: http://pauldotcom.com > >>>>> > >>>> > >>>> > >>> > >> > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
