Users - Windows
Log In or Register to download the BES file, and more.

0 Votes

Versioning - This is the latest version.

1Users - Windows4/24/2016 7:52:50 PM
2Users - Windows5/10/2016 7:11:26 AM
3Users - Windows5/28/2016 4:10:20 PM
4Users - Windows5/30/2016 10:55:42 AM
5Users - Windows7/13/2016 9:18:00 PM
6Users - Windows7/19/2016 5:56:20 PM
7Users - Windows8/9/2016 7:36:17 AM
8Users - Windows9/12/2016 12:24:57 PM
9Users - Windows9/13/2016 4:49:08 PM
10Users - Windows11/8/2016 11:44:16 AM
11Users - Windows6/6/2017 9:51:21 AM

Description

This Analysis provides Windows-specific user information for the currently active user including:

  • Drive Mappings for the currently active user
  • Administrator status of currently active user

This Analysis also provides the following general information for users of the system: 

  • The previously logged on user for the system
  • The last logon timestamp for each previous user of the system

Note: OS Upgrades may reset last logon timestamp to the date of the upgrade.

For general information or to report issues with C3 Inventory content please visit GitHub here: https://github.com/strawgate/C3-Inventory


Property Details

ID2998571
TitleUsers - Windows
DomainBESC
Added by on 6/6/2017 9:51:21 AM
Last Modified by on 6/6/2017 9:51:21 AM
Counters 2826 Views / 78 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Properties

Users - Last Logged on - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
(sid (it) as string | it ) of (string values whose (set of ("S-1-5-20";"S-1-5-19";"S-1-5-18") does not contain it) of properties "sid" of items 0 of (it whose (preceding text of first "." of string value of property "LastUseTime" of item 0 of it as integer = item 1 of it) of (select objects "* from Win32_UserProfile" of wmi, it) of (maximum of (preceding text of first "." of string value of property "LastUseTime" of it as integer) of select objects "* from Win32_UserProfile" of wmi)))
Current User - Drive Mappings - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
(concatenations "\" of substrings separated by "#" of name of it) of keys whose (name of it contains "#") of keys "Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" of (current user keys (logged on users) of registry)
Users - Last Logon Time - Windows
Period 12 hours
 
  * Results in a true/false
Show indented relevance
(sid (string value of property "sid" of it) as string | string value of property "sid" of it, time value of property "LastUseTime" of it) of (select objects "* from Win32_UserProfile" of wmi) whose (set of ("S-1-5-20";"S-1-5-19";"S-1-5-18") does not contain string value of property "sid" of it)
Current User - Administrator - Windows
Period 1 day
 
  * Results in a true/false
Show indented relevance
exists elements of intersection of ( /*IS THE LOGGED IN USER AN ADMINISTRATOR? */ set of ( /* User's SID and Group Memberships */ ((sids of groups of logged on user of active directory) as string); /*User Group Memberships */ (sid of logged on user) as string /*Users SID*/ );( set of (/*Users and Groups in Administrators */ sids of members of local group "administrators" as string) ) )

Relevance

isWindows (Relevance 1172)
Used in 1111 fixlets and 524 analyses   * Results in a true/false
Show indented relevance
windows of operating system
Used in 27 fixlets and 130 analyses   * Results in a true/false
Show indented relevance
NOT in proxy agent context

Sharing

Social Media:
Share this page on Yammer

Comments