Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 11

Servers with no logins within last 180 days?

Is there a way to have lastlogon data pulled from OS as a report or monitored alertable method. 

I know it shows up in asset inventory however I'm curious if it's possible to monitor it at the Windows level without eating SAM licenses to do it.

0 Kudos
1 Reply
Community Manager
Community Manager

The only way I can see doing this will consume a SAM license, but it'll be overall more reliable for your monitoring.

If you just need a point in time check, you can always use PowerShell outside of SAM to look up the information (Event Logs, WMI calls, CIM instances).  You need to decide what value you're going to use as your basis for the 180 days thing.

This is something I had from YEARS ago when I was first getting started with PowerShell.  I have no idea where I got it or what modifications I made, but it still looks solid if you want to use it as a starting off point.

$ListOfComputers = "Server1.domain.local", "Server2.domain.local", "ServerXX.domain.local"

Get-WmiObject -Class Win32_UserProfile -ComputerName $ListOfComputers | Where-Object { -not $_.Special } | Sort-Object -Property LastUseTime -Descending | Select-Object -Property @{ Name = "LastLogin"; Expression = { [Management.ManagementDateTimeConverter]::ToDateTime($_.LastUseTime) } }, @{ Name = "Username"; Expression = { Split-Path -Path $_.LocalPath -Leaf } }, @{ Name = "ComputerName"; Expression = { $_.PSComputerName } }

I wouldn't run this against a big list of computers for testing, but it should work.  It does the work by leveraging the UserProfile WMI Object.  Not the most authoritative class you can use, but it worked for me a long time back for what I needed.

"Shoot for the stars to reach the moon"
0 Kudos