‎06-08-2021 06:15 PM
‎06-10-2021 04:33 PM
‎06-11-2021 11:21 PM
Joshua wrote:
This is a pretty basic report that will show if any built in local admin accounts have logged into a computer in the past day. You can change DATEADD(day, -1, GETDATE()) to go back however many days you want.
SELECT tblCPlogoninfo.AssetID, tblAssets.AssetName, tblCPlogoninfo.LogonTime, tblCPlogoninfo.Username, tblCPlogoninfo.IPaddress
FROM tblCPlogoninfo
LEFT JOIN tblAssets ON tblCPlogoninfo.AssetID = tblAssets.AssetID
LEFT JOIN tblUsers ON tblUsers.AssetID = tblAssets.AssetID AND tblUsers.buildinadmin = 1
WHERE tblCPlogoninfo.Username = tblUsers.Name and tblCPlogoninfo.logontime >= DATEADD(day, -1, GETDATE())
If you want to get more complicated you can do something like the below that will show if anyone in the local administrator group logs into a machine. This report will get noisy if you have some people who are a local admin as it will show every time they login to their workstation.
SELECT tblCPlogoninfo.AssetID, tblAssets.AssetName, tblCPlogoninfo.LogonTime, tblCPlogoninfo.Username, tblCPlogoninfo.IPaddress
FROM tblCPlogoninfo
LEFT JOIN tblAssets ON tblCPlogoninfo.AssetID = tblAssets.AssetID
LEFT JOIN tblUsersInGroup ON tblUsersInGroup.AssetID = tblAssets.AssetID AND tblUsersInGroup.Groupname like 'Administrators' AND tblUsersInGroup.Username = tblCPlogoninfo.Username
WHERE tblUsersInGroup.Username IS NOT NULL and tblCPlogoninfo.logontime >= DATEADD(day, -1, GETDATE())
If you wanted to get even more complicated you could tie into AD groups that have local admin rights but I think that might be more than what you're asking.
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now