This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- Local Admin logged on to workstations report from ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-08-2021 06:15 PM
Needing a report that shows workstations has a local admin logged on from last 24 hours
I appreciate it and thanks in advance
I appreciate it and thanks in advance
Labels:
- Labels:
-
Report Center
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-10-2021 04:33 PM
This is a pretty basic report that will show if any built in local admin accounts have logged into a computer in the past day. You can change DATEADD(day, -1, GETDATE()) to go back however many days you want.
SELECT tblCPlogoninfo.AssetID, tblAssets.AssetName, tblCPlogoninfo.LogonTime, tblCPlogoninfo.Username, tblCPlogoninfo.IPaddress
FROM tblCPlogoninfo
LEFT JOIN tblAssets ON tblCPlogoninfo.AssetID = tblAssets.AssetID
LEFT JOIN tblUsers ON tblUsers.AssetID = tblAssets.AssetID AND tblUsers.buildinadmin = 1
WHERE tblCPlogoninfo.Username = tblUsers.Name and tblCPlogoninfo.logontime >= DATEADD(day, -1, GETDATE())
If you want to get more complicated you can do something like the below that will show if anyone in the local administrator group logs into a machine. This report will get noisy if you have some people who are a local admin as it will show every time they login to their workstation.
SELECT tblCPlogoninfo.AssetID, tblAssets.AssetName, tblCPlogoninfo.LogonTime, tblCPlogoninfo.Username, tblCPlogoninfo.IPaddress
FROM tblCPlogoninfo
LEFT JOIN tblAssets ON tblCPlogoninfo.AssetID = tblAssets.AssetID
LEFT JOIN tblUsersInGroup ON tblUsersInGroup.AssetID = tblAssets.AssetID AND tblUsersInGroup.Groupname like 'Administrators' AND tblUsersInGroup.Username = tblCPlogoninfo.Username
WHERE tblUsersInGroup.Username IS NOT NULL and tblCPlogoninfo.logontime >= DATEADD(day, -1, GETDATE())
If you wanted to get even more complicated you could tie into AD groups that have local admin rights but I think that might be more than what you're asking.
SELECT tblCPlogoninfo.AssetID, tblAssets.AssetName, tblCPlogoninfo.LogonTime, tblCPlogoninfo.Username, tblCPlogoninfo.IPaddress
FROM tblCPlogoninfo
LEFT JOIN tblAssets ON tblCPlogoninfo.AssetID = tblAssets.AssetID
LEFT JOIN tblUsers ON tblUsers.AssetID = tblAssets.AssetID AND tblUsers.buildinadmin = 1
WHERE tblCPlogoninfo.Username = tblUsers.Name and tblCPlogoninfo.logontime >= DATEADD(day, -1, GETDATE())
If you want to get more complicated you can do something like the below that will show if anyone in the local administrator group logs into a machine. This report will get noisy if you have some people who are a local admin as it will show every time they login to their workstation.
SELECT tblCPlogoninfo.AssetID, tblAssets.AssetName, tblCPlogoninfo.LogonTime, tblCPlogoninfo.Username, tblCPlogoninfo.IPaddress
FROM tblCPlogoninfo
LEFT JOIN tblAssets ON tblCPlogoninfo.AssetID = tblAssets.AssetID
LEFT JOIN tblUsersInGroup ON tblUsersInGroup.AssetID = tblAssets.AssetID AND tblUsersInGroup.Groupname like 'Administrators' AND tblUsersInGroup.Username = tblCPlogoninfo.Username
WHERE tblUsersInGroup.Username IS NOT NULL and tblCPlogoninfo.logontime >= DATEADD(day, -1, GETDATE())
If you wanted to get even more complicated you could tie into AD groups that have local admin rights but I think that might be more than what you're asking.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-11-2021 11:21 PM
Joshua wrote:
This is a pretty basic report that will show if any built in local admin accounts have logged into a computer in the past day. You can change DATEADD(day, -1, GETDATE()) to go back however many days you want.
SELECT tblCPlogoninfo.AssetID, tblAssets.AssetName, tblCPlogoninfo.LogonTime, tblCPlogoninfo.Username, tblCPlogoninfo.IPaddress
FROM tblCPlogoninfo
LEFT JOIN tblAssets ON tblCPlogoninfo.AssetID = tblAssets.AssetID
LEFT JOIN tblUsers ON tblUsers.AssetID = tblAssets.AssetID AND tblUsers.buildinadmin = 1
WHERE tblCPlogoninfo.Username = tblUsers.Name and tblCPlogoninfo.logontime >= DATEADD(day, -1, GETDATE())
If you want to get more complicated you can do something like the below that will show if anyone in the local administrator group logs into a machine. This report will get noisy if you have some people who are a local admin as it will show every time they login to their workstation.
SELECT tblCPlogoninfo.AssetID, tblAssets.AssetName, tblCPlogoninfo.LogonTime, tblCPlogoninfo.Username, tblCPlogoninfo.IPaddress
FROM tblCPlogoninfo
LEFT JOIN tblAssets ON tblCPlogoninfo.AssetID = tblAssets.AssetID
LEFT JOIN tblUsersInGroup ON tblUsersInGroup.AssetID = tblAssets.AssetID AND tblUsersInGroup.Groupname like 'Administrators' AND tblUsersInGroup.Username = tblCPlogoninfo.Username
WHERE tblUsersInGroup.Username IS NOT NULL and tblCPlogoninfo.logontime >= DATEADD(day, -1, GETDATE())
If you wanted to get even more complicated you could tie into AD groups that have local admin rights but I think that might be more than what you're asking.
Thank you very much Joshua this has helped me a ton! More power to you sir
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
