0

I would like to inventory the users and groups that are allowed to connect to a computer (interactively or remotely). The computer can be either in a workgroup or in an active directory but primarily in an active directory. If a group has access, I would also like to know which users are members of that group so that I can determine if the user has access granted directly or thanks to a role.

I would like to do it using PowerShell and remotely but I don't know from where to start.

NB: Part of the solution can be found here (who has logged on?)

Improve this question
5
  • Sure, it's (to me) an indication to see if the ones who have access have recently used their account.
    – Jefferson B. Elias
    Commented Apr 26, 2016 at 12:19
  • there's a logonworkstations property foreach user in get-aduser. that should be your starting point.
    – SimonS
    Commented Apr 26, 2016 at 15:42
  • It's not clear if you want a list of users/groups that CAN connect or user/groups that HAVE connected? If it's the former then group policy RSOP would help. Defaults here - technet.microsoft.com/en-us/library/dn221980%28v=ws.11%29.aspx
    – smwk
    Commented May 13, 2016 at 21:14
  • Hi smwk, it's the first one that I want... As the server OS is not on my charge but the RDBMS is, I want to know who possibly can access to it... Once I have the answer to who can connect, I may be interested by the when they connect...
    – Jefferson B. Elias
    Commented May 14, 2016 at 11:04
  • It doesn't look easy to do with Powershell: stackoverflow.com/questions/934156/… . If it's just one server then use group policy RSOP, this can be done remotely.
    – smwk
    Commented May 17, 2016 at 15:22

1 Answer 1

Reset to default
0

Default groups that can logon locally on a server:

  • Administrators

  • Backup Operators

  • Users

Reference: https://technet.microsoft.com/en-us/library/dn221980%28v=ws.11%29.aspx

Doing it with PowerShell is not easy, a few options listed here: https://stackoverflow.com/questions/934156/setting-log-on-as-a-service-and-allow-logon-locally-with-adsi

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .