Notification

Icon
Error

Local Admin logged on to workstations report from last 24 hours

Posted: Tuesday, June 8, 2021 5:15:13 PM(UTC)
adeos

adeos

Member Original PosterPosts: 2
0
Like
Needing a report that shows workstations has a local admin logged on from last 24 hours

I appreciate it and thanks in advance
Joshua
#1Joshua Member Posts: 13  
posted: 6/10/2021 3:33:23 PM(UTC)
This is a pretty basic report that will show if any built in local admin accounts have logged into a computer in the past day. You can change DATEADD(day, -1, GETDATE()) to go back however many days you want.

SELECT tblCPlogoninfo.AssetID, tblAssets.AssetName, tblCPlogoninfo.LogonTime, tblCPlogoninfo.Username, tblCPlogoninfo.IPaddress
FROM tblCPlogoninfo
LEFT JOIN tblAssets ON tblCPlogoninfo.AssetID = tblAssets.AssetID
LEFT JOIN tblUsers ON tblUsers.AssetID = tblAssets.AssetID AND tblUsers.buildinadmin = 1
WHERE tblCPlogoninfo.Username = tblUsers.Name and tblCPlogoninfo.logontime >= DATEADD(day, -1, GETDATE())


If you want to get more complicated you can do something like the below that will show if anyone in the local administrator group logs into a machine. This report will get noisy if you have some people who are a local admin as it will show every time they login to their workstation.

SELECT tblCPlogoninfo.AssetID, tblAssets.AssetName, tblCPlogoninfo.LogonTime, tblCPlogoninfo.Username, tblCPlogoninfo.IPaddress
FROM tblCPlogoninfo
LEFT JOIN tblAssets ON tblCPlogoninfo.AssetID = tblAssets.AssetID
LEFT JOIN tblUsersInGroup ON tblUsersInGroup.AssetID = tblAssets.AssetID AND tblUsersInGroup.Groupname like 'Administrators' AND tblUsersInGroup.Username = tblCPlogoninfo.Username
WHERE tblUsersInGroup.Username IS NOT NULL and tblCPlogoninfo.logontime >= DATEADD(day, -1, GETDATE())

If you wanted to get even more complicated you could tie into AD groups that have local admin rights but I think that might be more than what you're asking.
adeos
#2adeos Member Original PosterPosts: 2  
posted: 6/11/2021 10:21:58 PM(UTC)
Originally Posted by: Joshua Go to Quoted Post
This is a pretty basic report that will show if any built in local admin accounts have logged into a computer in the past day. You can change DATEADD(day, -1, GETDATE()) to go back however many days you want.

SELECT tblCPlogoninfo.AssetID, tblAssets.AssetName, tblCPlogoninfo.LogonTime, tblCPlogoninfo.Username, tblCPlogoninfo.IPaddress
FROM tblCPlogoninfo
LEFT JOIN tblAssets ON tblCPlogoninfo.AssetID = tblAssets.AssetID
LEFT JOIN tblUsers ON tblUsers.AssetID = tblAssets.AssetID AND tblUsers.buildinadmin = 1
WHERE tblCPlogoninfo.Username = tblUsers.Name and tblCPlogoninfo.logontime >= DATEADD(day, -1, GETDATE())


If you want to get more complicated you can do something like the below that will show if anyone in the local administrator group logs into a machine. This report will get noisy if you have some people who are a local admin as it will show every time they login to their workstation.

SELECT tblCPlogoninfo.AssetID, tblAssets.AssetName, tblCPlogoninfo.LogonTime, tblCPlogoninfo.Username, tblCPlogoninfo.IPaddress
FROM tblCPlogoninfo
LEFT JOIN tblAssets ON tblCPlogoninfo.AssetID = tblAssets.AssetID
LEFT JOIN tblUsersInGroup ON tblUsersInGroup.AssetID = tblAssets.AssetID AND tblUsersInGroup.Groupname like 'Administrators' AND tblUsersInGroup.Username = tblCPlogoninfo.Username
WHERE tblUsersInGroup.Username IS NOT NULL and tblCPlogoninfo.logontime >= DATEADD(day, -1, GETDATE())

If you wanted to get even more complicated you could tie into AD groups that have local admin rights but I think that might be more than what you're asking.


Thank you very much Joshua this has helped me a ton! More power to you sir

Active Discussions

Report Center Show newly discovered software
by  CyberCitizen   Go to last post Go to first unread
Last post: 6/16/2021 12:06:21 AM(UTC)
Lansweeper Multiple Devices Owned by Users (asset relations)
by  Charles S.  
Go to last post Go to first unread
Last post: 6/15/2021 9:38:26 PM(UTC)
Lansweeper Show Date Without Time
by  RC62N   Go to last post Go to first unread
Last post: 6/15/2021 9:04:47 PM(UTC)
Lansweeper Windows 10 Version Chart
by  RC62N  
Go to last post Go to first unread
Last post: 6/14/2021 6:16:52 PM(UTC)
Lansweeper LSAgent Report
by  brodiemac-too   Go to last post Go to first unread
Last post: 6/14/2021 5:27:29 PM(UTC)