Return current/last user for a list of machines.

machineuserdetails.ps1

# ====================================================================
# Retrieve current or last user logon details for a list of machines
# Tom Latham (13/05/2010)
# ====================================================================

Function Get-FileName
# Open file dialog box and select a file to import
{   
    [void][System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms")

    $OpenFileDialog = New-Object System.Windows.Forms.OpenFileDialog
    $OpenFileDialog.initialDirectory = $initialDirectory
    $OpenFileDialog.filter = "Text Files (*.txt)| *.txt" # Set the file types visible to dialog
    
    $OpenFileDialog.initialDirectory = "c:\"
    
    $OpenFileDialog.ShowDialog() | Out-Null
    $OpenFileDialog.filename
}

Function Set-Filename
# Set file name for saving export
{
    [void][System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms")
    $SaveFileDialog = New-Object System.Windows.Forms.SaveFileDialog
    $SaveFileDialog.Filter = "csv files (*.csv)|*.csv"
   
    $SaveFileDialog.initialDirectory = "c:\"
    
    if ($SaveFileDialog.ShowDialog() -eq [System.Windows.Forms.DialogResult]::OK)
    { $SaveFileDialog.FileName }
    
}

Function Get-Logon($computer)
# Return last logon details for a given asset
{
    $pingresult = Ping-Machine($computer)
    if ($pingresult -eq 0)
    {
        $username = Get-CurrentUser($computer)
        if ($username -ne $null)
        { return "$computer, $username" }
        else 
        { 
            $domain, $username = Get-LastUser($computer)
            $lastlogon = Get-LastLogon $computer $username
            return "$computer,$domain\$username,$lastlogon"
        }
    }
    else { return "$computer,Unable to ping." }
}

# Ping machine
Function Ping-Machine($computer) { $wmi = gwmi -query "select * from win32_pingstatus where address = '$computer'"; return $wmi.StatusCode }

# Return username of currently logged on user
Function Get-CurrentUser($computer) { $wmi = gwmi -query "select * from win32_computersystem" -computername $computer; return $wmi.UserName }

# Return login time of last user
Function Get-LastLogon($computer,$username) { return (get-childitem "\\$computer\c$\Documents and Settings\$username\ntuser.dat").LastWriteTime }

Function Get-LastUser($computer)
# Return last logged on user using the registry
{ 
    $regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
    $key = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\"
    $regKey = $regKey.OpenSubKey($key)
    return $regkey.GetValue("DefaultDomainName"), $regkey.GetValue("DefaultUserName")
}

# Run get-logon function across multiple machines
Function Run-Program ($computernames) { foreach ($computer in $computernames) { Get-Logon($computer) } }

$filename = Get-FileName # Allow user to select import file
$computernames = get-content $filename # Extract content from filename object
$filename = Set-FileName #Allow user to select export file

Run-Program ($computernames) | select-object @{Name="Machine";Expression={$_.Split(",")[0]}},@{Name="User";Expression={$_.Split(",")[1]}}, `
            @{Name="Time";Expression={$_.Split(",")[2]}} |export-csv $filename -notypeinformation

machineuserdetails.vbs

'------------- USAGE ------------------------

wScript.Echo GetLogonState("D01226954")

'------------- FUNCTIONS --------------------

'For a given machine, test for user. If not found, get last user details.
Function GetLogonState(Computer)

  If PingMachine(Computer) Then
		If Not IsNull(CurrentUser(Computer)) Then
			GetLogonState = Computer & "," & CurrentUser(Computer)
		Else
			Dim sLastuser : sLastuser = LastUser(Computer)
			Dim aUser : aUser = Split(sLastuser, "\")
			GetLogonState = Computer & "," & sLastuser & _
							"," & GetModifiedDate(Computer, aUser(1))
		End If
	Else
		GetLogonstate = Computer & ",Unable to ping."
	End If
End Function

'Ping a given machine. Return True if machine is pingable, otherwise false.
Function PingMachine(Computer)

	Dim oWMI : Set oWMI = GetObject("winmgmts:\\.\root\cimv2") 
	Dim oCollection : Set oCollection = oWMI.ExecQuery("Select * from Win32_PingStatus Where Address = '" & Computer & "'")
	For Each oItem in oCollection
		If (oItem.StatusCode = 0) Then
			PingMachine = True
		End If
	Next
End Function

'Query WMI for current user of machine	
Function CurrentUser(Computer)

	Dim oWMI : Set oWMI = GetObject("winmgmts:\\" & Computer & "\root\cimv2")
	Set oCollection = oWMI.ExecQuery("select * from win32_computersystem")
	
	For Each oItem in oCollection
		CurrentUser = oItem.UserName 'Return current user name
	Next
End Function

'Query registry for last user of machine
Function LastUser(Computer)

	Const HKEY_LOCAL_MACHINE = &H80000002, KEYPATH = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon"
	Const DOMAIN = "DefaultDomainName", USER = "DefaultUserName"
	
	Dim oRegistry : Set oRegistry = GetObject("winmgmts:\\" & Computer & "\root\default:StdRegProv")
	Dim sDomain : oRegistry.GetStringValue HKEY_LOCAL_MACHINE,KEYPATH,DOMAIN,sDomain
	Dim sUsername : oRegistry.GetStringValue HKEY_LOCAL_MACHINE,KEYPATH,USER,sUsername
	
	LastUser = sDomain & "\" & sUsername 'Return last domain and user name
End Function

'Get last modified date of ntuser.dat in user folder for last logon time.
Function GetModifiedDate(Computer, Username)

	Dim oFS : Set oFS = CreateObject("Scripting.FileSystemObject")
	Dim sPath : sPath = "\\" & Computer & "\C$\Documents and Settings\" & Username & "\ntuser.dat"
	
	Dim oFile : Set oFile = oFS.GetFile(sPath)
	GetModifiedDate = oFile.DateLastModified 'Return file timestamp
End Function