This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What does "Windows computers logged onto" really mean?

StillGoing
Engaged Sweeper III

2 weeks ago

I had a colleague suggest that Lansweeper was 'broken' based on the 'computers logged onto' section of an AD users summary page. In this case, he was looking at one of his own accounts, and this is an excerpt of the results:

Screenshot 2024-04-17 145732.png

The key here is that he certainly did not "Logon" to all of these computers at Noon today. In fact, while these were all servers he does manage, and logs into frequently, he had not been on most of these in the past few days. So, in fact the information shown here is misleading.

Now, based on what I know of how Lansweeper tracks user logons, I expect that the timestamp shown in the "Logon" column is actually NOT anything to do with logons, but is rather the "Last successful scan" timestamp of that asset. And, indeed, I checked a few of these systems, and the timestamps did match up. So, based on what I can find, this data represents one of the following:

  1. At the last scan of this system, this user was recorded as the most recently logged on user
    OR
  2. At the last scan of this system, this user was on the list of users who have logged into this system at some point

Can anyone confirm my findings here, and possibly suggest why this information is presented as it is, and which of my suggested scenarios best describe the results? Is there ever a circumstance where the data shown here ever shows the timestamp of an actual logon event? Or is it always scan times? If so, I'd really like to see the column names updated to reflect what is actually shown.

Thoughts? I just like to have decent answers when I'm asked these types of questions.

Labels:
4 REPLIES 4
StillGoing
Engaged Sweeper III

Thursday - last edited Thursday

I apologize if I came across as snarky; that was not my intention. I was simply hoping for a more definitive answer. And while, yes, I could open a support ticket, I thought this may actually be an interesting topic for discussion here. 

I have seen the article you reference (and agree that Esben is a super-nice guy), and in fact I have used this as a reference internally to inform our IS staff of how Lansweeper works. But I have found that the values in the 'Windows computers logged onto" doesn't exactly line up. In fact, I did some verification today just to confirm.

In this case, I checked the my own account in Lansweeper and looked at the 'Windows computers logged onto' information. It indicated that I had logged into three servers today; I have, in fact, not logged into any of these servers today. I have checked the event logs on our DCs to confirm, and they do not show any evidence of my logging in to any of those systems today, in any way. I checked that 'Lastlogondate' for one of those servers in AD, and it showed that the last logon on that server was from two days ago. Since we have a strict forced logoff after inactivity policy, I know that I was not 'logged on' when this server was scanned today. So, the question remains ... what exactly does the 'Logon' date represent here? It is not the most recent scan time of the asset, and it does not represent a real login time for the user, so what does it represent?

This may sound pedantic, and I accept that. My point isn't to find the real login times for a user or system; we have lots of tools to do that, and I have made our staff know that Lansweeper is NOT a tool for that sort of data. Rather, my intention is to see if anyone has a more definitive answer we could pass on to Lansweeper, possibly as an enhancement. Currently, the data shown in this box is confusing and possibly misleading, and I'm looking for opportunities to see what we can improve.

I should probably mention that we are running v11.1.10.5, so this is recent information.

0 Kudos
rom
Champion Sweeper III

2 weeks ago - last edited 2 weeks ago

I'm pretty sure it's the currently logged on user at the time of scan.  I use that information to make a report for still-logged-on engineers that have exception to the auto-logoff GPO to shame them 🙂

StillGoing
Engaged Sweeper III
In response to rom

Wednesday

Yeah, but I'm 'pretty sure' that is NOT what this represents since the logon times do NOT correspond to a time when anyone is actively logged in to these assets. We have policies in place to actively log out users on the servers after a period of inactivity (only a couple of hours), and the admin who brought this up to me knew that he had not logged on to the assets in scope for several days. And this is consistent across multiple assets and users. Hence this post to get some clarification on this item. 

So thanks for the response, but I'm hoping for something a little more definitive. ðŸ™‚

0 Kudos
rom
Champion Sweeper III
In response to StillGoing

Wednesday - last edited Wednesday

you can enter a support ticket if you want something definitive, but that's the way it should work, unless there's a bug in a newer version of the app -  i'm on 11.1.5.1 and it is working as intended.  I tend to say 'pretty sure' so I don't get anyone angry at me if I'm incorrect, which obviously failed in this case.  In this scenario, I generally either log on to the server/machine in question and verify (if its a one-off case) and see the logged-on or disconnected user as expected, or, I run https://learn.microsoft.com/en-us/sysinternals/downloads/psloggedon

 

You can also reference: https://community.lansweeper.com/t5/reports-analytics/active-directory-user-last-logon/td-p/31109  "However, by default Lansweeper will only scan which user was logged in at the time of the Lansweeper scan."   This post was by Esben - who is a LS employee and more importantly a super-nice guy.

 

 
 

2024-04-24 09_46_16-ZILL_rom.png

0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now