Example #1
0
        public static IEnumerable <LastLoggedOnUser> Get_WMIRegLastLoggedOn(Args_Get_WMIRegLastLoggedOn args = null)
        {
            if (args == null)
            {
                args = new Args_Get_WMIRegLastLoggedOn();
            }

            var LastLoggedOnUsers = new List <LastLoggedOnUser>();

            foreach (var Computer in args.ComputerName)
            {
                // HKEY_LOCAL_MACHINE
                var HKLM = 2147483650;

                // try to open up the remote registry key to grab the last logged on user
                try
                {
                    var Reg = WmiWrapper.GetClass($@"\\{Computer}\ROOT\DEFAULT", "StdRegProv", args.Credential);
                    var Key = @"SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI";

                    var Value     = "LastLoggedOnUser";
                    var outParams = WmiWrapper.CallMethod(Reg, "GetStringValue", new Dictionary <string, object> {
                        { "hDefKey", HKLM }, { "sSubKeyName", Key }, { "sValueName", Value }
                    }) as System.Management.ManagementBaseObject;
                    var LastUser = outParams["sValue"] as string;

                    var LastLoggedOn = new LastLoggedOnUser
                    {
                        ComputerName = Computer,
                        LastLoggedOn = LastUser
                    };
                    LastLoggedOnUsers.Add(LastLoggedOn);
                }
                catch
                {
                    Logger.Write_Warning("[Get-WMIRegLastLoggedOn] Error opening remote registry on $Computer. Remote registry likely not enabled.");
                }
            }
            return(LastLoggedOnUsers);
        }
Example #2
0
 public static IEnumerable <LastLoggedOnUser> Get_LastLoggedOn(Args_Get_WMIRegLastLoggedOn args = null)
 {
     return(GetWMIRegLastLoggedOn.Get_WMIRegLastLoggedOn(args));
 }