→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
sbrunk
Engaged Sweeper II
In our environment we use scheduled scans, IP range scans, and LSPush scans. The LSPush scans are triggered not via login scripts but by scheduled tasks and run as the local System account. We have many computers that show up in Lansweeper where the Last user appears as the computer name with a dollar sign at the end of it, for example COMPUTER123$. In testing, I think I've narrowed this down to where this occurs when an LSPush scan runs on the computer when no one is logged on.

With all three scan types, if a user is logged on to the computer when the scan runs, the Last user field is populated with the name of that user. With the scheduled scan and IP range scan methods, if no user is logged on when the scan runs, the Last user field is not modified. However, with the LSPush scan method, if no user is logged on when the scan runs, the Last user field appears to be updated to the name of the computer with a dollar sign.

In researching this, I found this thread:

http://www.lansweeper.com/Forum/yaf_postst9313_Last-User-showing-as-Computer-name.aspx#post36728

Our computers generally have version 5.2.0.40 of the LSPush executable on them and we are getting ready to distribute the new 6.0.0.1 version to them. The information in that thread is correct in that when a user is logged on when the scan runs, LSPush now captures that and populates the Last user field correctly. However, if no user is logged on when the LSPush scan runs, it appears to exhibit the behavior I have described.

Is this by design or a bug? It seems to me like the LSPush scans should behave similarly to the other scanning methods, i.e. if no user is logged on when the scan runs, the Last user field should not be modified.
1 ACCEPTED SOLUTION
Daniel_B
Lansweeper Alumni
This is expected behavior. If no user is currently logged on, the session of the SYSTEM account will get scanned. Its username consists of the hostname plus dollar sign. "Last logged on user" is a bit misleading. This field contains the user who was logged on to the computer during the last scan. There is no way to read which "regular" user was logged on last time if that user already logged off again.

View solution in original post

3 REPLIES 3
Daniel_B
Lansweeper Alumni
We will have a look at it. I can't promise if it will be changed, but indeed it would be more consistent if the username would not get updated in case a computer was scanned with LsPush in a startup script.
sbrunk
Engaged Sweeper II
Is this behavior something you would be willing to add to the request list for possible change? In my view, the behavior in this instance should be consistent between the various scanning methods, and the LSPush scan behavior is not consistent with the other methods.
Daniel_B
Lansweeper Alumni
This is expected behavior. If no user is currently logged on, the session of the SYSTEM account will get scanned. Its username consists of the hostname plus dollar sign. "Last logged on user" is a bit misleading. This field contains the user who was logged on to the computer during the last scan. There is no way to read which "regular" user was logged on last time if that user already logged off again.