Windows Can't Do It - Building Your Own Logon Tracking


Whenever I teach a Windows-related class of almost any kind, one of the big questions that tends to come up is “How can I tell what user is logged onto a workstation,” or “How can I tell which workstation a particular user is logged on to?”


Sadly, the answer is usually, “um, you can’t.” At least, not with the native Windows tools, simply because Windows doesn’t track that information anywhere. First of all, understand that Windows is inherently a multi-user operating system. You only really get a sense of that on a Remote Desktop Services server, where multiple users actually do log on simultaneously, but you can also see it on any server when a couple of administrators are remoting in using Remote Desktop Connection. Even Windows client operating systems, like Windows 7 or Windows XP, inherently understand the idea that more than one user can be logged on, interactively, at the same time – even if they don’t actually allow that to happen all the time (Fast User Switching in the Home editions of those operating systems do allow multiple users to be logged on at once, if not actually active simultaneously). Anyway, that multiple-user viewpoint means that Windows can’t just pop a username into a field someplace for you to check, because that field would need to be able to hold multiple user names.


The easiest solution would be if Microsoft put a multiple-value attribute onto the Computer class inside Active Directory. Then, whenever a user logged on to a computer, the computer would write that person’s name into that attribute, which you could then query to see who was logged on. When the user logged off, the computer could contact the domain and remove their name from the attribute. It wouldn’t be perfect, because sometimes a workstation doesn’t get that opportunity – say, if a user yanks the power plug. But because most organizations dedicate one computer to one user, you’d have the right information most of the time. But it doesn’t matter, because Microsoft hasn’t done that.


Read my article where I explain how to build workstation logon tracking or you can watch me build a logon tracking using a VBScript in this video.


If you want this capability then, you’re going to have to build it yourself. How do you think you’ll approach this problem?