
Commit d25ca5d

authored
Merge pull request #28 from Lea9250/get_user_connection
Get user connection
2 parents 3654091 + 87525e4 commit d25ca5d


4 files changed

+37
-2
lines changed


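--- a/APACHE/Map.pm
+++ b/APACHE/Map.pm
@@ -31,7 +31,10 @@ fields => {
 USERMAYCHANGEPWD => {},
 PASSWORDEXPIRES => {},
 STATUS => {},
-SID => {}
+SID => {},
+USERCONNECTION => {},
+NUMBERREMOTECONNECTION => {},
+IPREMOTE => {},
 }
 
 };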

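--- a/agent/winusers.ps1
+++ b/agent/winusers.ps1
@@ -37,6 +37,10 @@ $users = Get-LocalUser | Select *
 $pathUsers = "C:\Users"
 $allUsers = @()
 
+$startTime = (get-date).AddDays(-15)
+$logEvents = Get-Eventlog -LogName Security -after $startTime | where {$_.eventID -eq 4624}
+
+
 foreach ($user in $users) {
 if($user.Name -ne $null){
 
@@ -45,6 +49,25 @@ foreach ($user in $users) {
 $folderSize = Get-Size $path
 if($user.Enabled -ne "False") { $userStatus = "Disabled" } else { $userStatus = "Enabled" }
 if($userType -eq "Local") { $userType = $user.PrincipalSource }
+
+$numberConnexion = 0
+$workstation = ""
+$numberRemoteConnexion = 0
+$ipRemote =""
+
+foreach($userconnection in $logEvents){
+#In local logon
+if(($userconnection.ReplacementStrings[5] -eq $user.Name) -and (($userconnection.ReplacementStrings[8] -eq 2) -or ($userconnection.ReplacementStrings[8] -eq 7))){
+$numberConnexion = $numberConnexion + 1
+$workstation = $userconnection.ReplacementStrings[11]
+#In remote
+}if (($userconnection.ReplacementStrings[5] -eq $user.Name ) -and ($userconnection.ReplacementStrings[8] -eq 10)){
+$workstation = $userconnection.ReplacementStrings[11]
+$numberRemoteConnexion = $numberRemoteConnexion + 1
+$ipRemote = $userconnection.ReplacementStrings[18]
+}
+}
+
 
 $xml += "<WINUSERS>`n"
 $xml += "<NAME>"+ $user.Name +"</NAME>`n"
@@ -56,6 +79,9 @@ foreach ($user in $users) {
 $xml += "<USERMAYCHANGEPWD>"+ $user.UserMayChangePassword +"</USERMAYCHANGEPWD>`n"
 $xml += "<PASSWORDEXPIRES>"+ $user.PasswordExpires +"</PASSWORDEXPIRES>`n"
 $xml += "<SID>"+ $user.SID +"</SID>`n"
+$xml += "<USERCONNECTION>"+ $numberConnexion +"</USERCONNECTION>`n"
+$xml += "<NUMBERREMOTECONNECTION>"+ $numberRemoteConnexion +"</NUMBERREMOTECONNECTION>`n"
+$xml += "<IPREMOTE>"+ $ipRemote +"</IPREMOTE>`n"
 $xml += "</WINUSERS>`n"
 
 $allUsers += $user.Name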
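Review bot: The new inner loop attributes a 4624 event to an account by comparing `ReplacementStrings[5]` with `$user.Name` alone, so a logon by a domain or other account that shares a name with a local one (for example a domain `Administrator`) would be counted against the local user. Matching on the SID is unambiguous: assuming the usual 4624 layout, where index 4 is the target SID, use `$userconnection.ReplacementStrings[4] -eq $user.SID.Value` in both conditions. Also, `$ipRemote` is overwritten on every matching remote event, so the reported address is whichever event is iterated last (the oldest in the 15-day window if Get-EventLog returns newest first, as it normally does), and `$workstation` is assigned but never written to the XML. The enclosing `foreach ($user in $users)` starts and ends outside these hunks.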

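--- a/cd_winusers/cd_winusers.php
+++ b/cd_winusers/cd_winusers.php
@@ -35,7 +35,10 @@
 'Status' => 'status',
 'Change Password' => 'usermaychangepwd',
 'Password expires' => 'passwordexpires',
-'Sid' => 'sid'
+'Sid' => 'sid',
+'User Connection' => 'userconnection',
+'Number Remote Connection' => 'numberremoteconnection',
+'Ip Remote' => 'ipremote'
 );
 $list_col_cant_del=$list_fields;
 $default_fields= $list_fields;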

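--- a/install.php
+++ b/install.php
@@ -22,6 +22,9 @@ function extension_install_winusers()
 `USERMAYCHANGEPWD` VARCHAR(255) DEFAULT NULL,
 `PASSWORDEXPIRES` VARCHAR(255) DEFAULT NULL,
 `SID` VARCHAR(255) DEFAULT NULL,
+`USERCONNECTION` VARCHAR(255) DEFAULT NULL,
+`NUMBERREMOTECONNECTION` VARCHAR(255) DEFAULT NULL,
+`IPREMOTE` VARCHAR(255) DEFAULT NULL,
 PRIMARY KEY (`ID`,`HARDWARE_ID`)
 ) ENGINE=InnoDB ;");
 }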
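Review bot: The three new columns appear only in what looks like the table-creation statement of `extension_install_winusers()`, so a server that already has the table would presumably not get them, and inventory data carrying the new fields could then fail to store. Unless the project has another migration mechanism, an upgrade step for existing installs (an `ALTER TABLE ... ADD COLUMN` for each new field) should accompany this change. The two counters are also declared `VARCHAR(255)` although the agent sends integers, which makes sorting and threshold queries on logon counts unreliable; `INT DEFAULT NULL` would fit `USERCONNECTION` and `NUMBERREMOTECONNECTION`. The statement begins outside the hunk, so the table name and any `IF NOT EXISTS` clause are not visible here.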
