Powershell script for when user last used their AD account to login or unlock a computer.

Similar Messages

• Is it possible for multiple users to use a "generic" account simultaneously without screen sharing?

  Hey and thanks for checking out the thread.
  I am wondering if it is possible to have users use a generic account at the same time without any sort of screen sharing.
  I have set up a generic user account (for example useraccount, password 1234) for users to use in the time before I can set up a custom user name for them. However, I have run into some issues with this.
  When multiple users log on using this generic account, their applications seem to be shared on each screen. In the room with multiple Mac workstations, if someone starts working on Photoshop, Photoshop will open on every one elses screen who is logged on under that generic account.
  Is it possible for users to log on using a generic network account and have their own isolated work environment or is this sort of sharing a feature? I am new to Mac servers and am not sure.
  Thanks for reading the thread.

  That shared-account approach seems impractical for the various reasons you've identified, as well as the inevitable issue of cleaning up the detritus that'll inevitably build up in a shared account, and for the lack of accountability for activities occuring under the shared account for both auditing and security, and sharing directories would tend to introduce obscure conflicts around which-file-version-wins file updates when the same file is used in several places, and would probably be contrary to any per-user application software licensing agreements that might be involved.
  Put another way, get unique accounts created for folks, and work toward the ability to create accounts for arriving folks, and — if it's applicable here — talk to management about getting any per-user software licensing issues sorted out, whether that's having spare copies purchased and ahead or some advanced notice on accounts, or establishing group software licensing where that's available.
  AFAIK, there are tools around which can automate account creation, too.  Either generic, a tool such as Passenger, or it's certainly feasible to script the account creation sequence.
  Trying this shared-access generic-account approach just looks like it can create more work and more hassles and more effort to me...

• When did a user last used a particular Responsibility.

  Hi,
  I am looking for a way which can provide me information regarding when did a user last used a particular Responsibility ( eg CIC User,CRM Administrator etc).
  For eg , If I last used CIC User responsibility last on 30th March 2015, then is there anyway I could fetch this information ?
  Any help with backend query or front end navigation would be much appreciated.
  Regards,
  Praveen

  Thanks Ahmed Abbas, this works perfect 
  please don't mind but I have modified the query a little so that exact responsibility could come up  and kindly suggest if this is okay
  SELECT user_name,
         frt.responsibility_name,
         fr.responsibility_key responsibility,
         (SELECT user_function_name
            FROM fnd_form_functions_vl fffv
           WHERE (fffv.function_id = A.function_id)) "Current Function",
         TO_CHAR(first_connect, 'DD/MM/YYYY HH:MI:SS') start_time,
         TO_CHAR(last_connect, 'DD/MM/YYYY HH:MI:SS') "Date and time of last hit",
         TO_CHAR(SYSDATE, 'HH:MI:SS') CURRENT_TIME,
         session_id,
         (SYSDATE - last_connect) * 24 * 60 mins_idle,
         fnd_profile.value_specific('ICX_SESSION_TIMEOUT',
                                    A.user_id,
                                    A.responsibility_id,
                                    A.responsibility_application_id,
                                    A.org_id,
                                    NULL) TIMEOUT,
         counter "How many hits a User has made",
         A.limit_connects "Num of hits allowed in session"
    FROM icx_sessions A, fnd_user b, fnd_responsibility fr,fnd_responsibility_tl frt
  WHERE A.user_id = b.user_id AND
         fr.responsibility_id(+) = A.responsibility_id AND  fr.responsibility_id = frt.responsibility_id and
         user_name = nvl(:USER_NAME, user_name) and
        upper(frt.responsibility_name)=upper(':P_resp_name') --upper (fr.responsibility_key)  = upper(':P_resp_name')
  ORDER BY last_connect DESC;

• Powershell script for security groups and users for multiple share folders

  Hi scripting team,
  I need your help with powershell script for the below queries 
  1. List out the security groups for more than one server share path and output it to a file ( csv ) 
  For eg.
  If the are are two share paths 
  \\servername\foldermain\folder1
  \\servername\foldermain\folder2
  So I needs the list of security groups for each share path
  And the output needs to be under each any every path.
  2. Grab the users belongs to main security groups and it nested groups for more than one security group and listed the users under each and every group. No need to display nested groups. Just users belongs to main group and users under nested.
  Your teams help is much appreciated 
  Thank you.
  Thilochana kumararatne

  Hi Braham,
  Thanks for your quick reply.
  Are we able to do this on two stage method
  1. grab the security groups from the share paths
  if can grab the share path from a separate txt file than copying it to the <your path> location
  so i can modify the txt file
  once run the script
  if can the output like below to a CSV file
  \\servername\foldermain\folder1group 1group 2group 3\\servername\foldermain\folder2group 1group 2group 3then i know which groups belongs to which share paththen i can remove the duplicate groups and keep the common groups to grab the users belongs to itso with the second script same as the first copy the security groups to a txt file and the out put as below.what I needs is the users full name and the samaccount name ( user id )group 1user1user2user3
  group 2user1user2user3looking forward your help on thisThank you.Thilo

• Executing a powershell script for checking duplicate users while creating a AD user throug ADUC console.

  Hi,
  I have a text file in which some SamAccountNames are present.I need to check the file while creating a new users through ADUC console.If a username that is going to create through ADUC console is present in the file, then it should prompt a message
  that the user is already present in the text file.
  Is there any possibility of contacting the powershell script from the ADUC console.If so, then while creating a new user through ADUC console, what is the proceedure for executing that powershell script.
  please provide me the approriate solutions.
  Thanks
  Prasanthi k

  Run the below Powershell Script for users are exist or not in AD. Later you can create the users.
  #Find Users exist in AD or Not?
  #Biswajit Biswas
  $users = get-content c:\users.txt
  foreach ($user in $users) {
  $User = Get-ADUser -Filter {(samaccountname -eq $user)}
  If ($user -eq $Null) {"User does not exist in AD ($user)" }
  Else {"User found in AD ($user)"}
  Active Directory Users attributes-Powershell
  http://gallery.technet.microsoft.com/scriptcenter/Getting-Users-ALL-7417b71d
  Regards~Biswajit
  Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights.
  MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
  MY BLOG
  Domain Controllers inventory-Quest Powershell
  Generate Report for Bulk Servers-LastBootUpTime,SerialNumber,InstallDate
  Generate a Report for installed Hotfix for Bulk Servers

• Run a powershell script on every user login/unlock

  Hi everybody
  I need to run a powershell (that opens an interactive dialog box) when every user log in or unlock session or remote connection to this server.  In other words it have to be run every time a user enters a credential. 
  I tried task scheduler, but it didn't work properly. I tried triggers like "on workstation unlock" and "on connection to user session". I change user and group to administrators but still it runs under the author user (me) . 
  I found out user login event id is 4801 and 4778. can I use these event ids to run powershell code? Can I check raising the event ids through my code? 
  any other idea please?
  Thanks in advance

  Im not going to block a logon! I want to run a powershell code for every user login. assume like a message after user login. this kind of message for me is showing to me after other users login.
  specifically this is a window from that I designed to execute on user login to show on the server and every user writes down in the text box the changes that is making on the server. this is a changes log solution to me. then I need to show every user to
  work properly.
  You can run a scheduled task at logon that can display a message.  You can define this task in Group Policy.
  You can also just use the standard user logon message which can also be defined in Group Policy.
  You can execute a script task whenever an unlock event happens.  This, too, can be defined in Group Policy.
  ¯\_(ツ)_/¯

• When I try to set up family sharing I get "This account is already shared by another family member. Family sharing works best if every family member uses their own account." how do I reset?  I can't find where it is being used.

  When I try to set up family sharing I get "This account is already shared by another family member. Family sharing works best if every family member uses their own account." how do I reset?  I can't find who it is being shared by.

  Hi jmeckoll1,
  It sounds as if you are trying to set up family sharing starting with an Apple ID which someone has already used to start a family group. Presumably this person is within the family group you want to share with. One solution to this issue would be to ask to join this family group. See this article -
  OS X Yosemite: Join a family
  If this is not the desired result, you will need to set up your own family group using an unused Apple ID that is in use for iCloud. See this article -
  OS X Yosemite: Set up Family Sharing
  Thanks for using Apple Support Communities.
  Best,
  Brett L 

• I received a 1st Gen IPad from a supplier as a gift to promote their products. They used their Apple account to load the apps.  I am not able to load my own apps because their apple user is the one that pops up. How can I change it to mine?

  I received a 1st Gen IPad from a supplier as a gift to promote their products. They used their Apple account to load the apps.  I am not able to load my own apps because their apple user is the one that pops up. How can I change it to mine?

  Set it up as new device, explained in this article, without using the backup afterwards:
  How to back up your data and set up as a new device

• Need SP_TN for specific user must use specific document series and warehouse in Marketing Documents

  Hi experts,
     I need SP_TN for specific user must use specific document series and warehouses in Marketing Documents SAP B1.
     Kindly give solution ASAP.
  Thanks in advance

  Hi Nagarajan,
     It show (1) Not allowed to add PO.
     I used the following SP
  IF  @object_type = '22' AND @transaction_type IN (N'A',N'U')
  BEGIN
  IF Exists
  (SELECT T0.DocEntry FROM POR1 T0 INNER JOIN OPOR T1 ON T0.DocEntry = T1.DocEntry
  WHERE  T1.DocType = 'I' AND T1.Series = '142' OR T1.Series = '145' AND T0.[WhsCode] = 'STEX-01'
  or T0.[WhsCode] = 'STNEX-01' and T1.[UserSign] ='1'
  and T1.docentry = @list_of_cols_val_tab_del)
  BEGIN
  SELECT @error = 1
  SELECT @error_message = 'Not allowed to add PO'
  END
  END
  warm regards,
  Guhan

• How can I launch a site that I designed for a client using their MobileMe account? Can they 'open' my iWeb files on their iWeb software?

  How can I launch a site that I designed for a client using their MobileMe account? Can they 'open' my iWeb files on their iWeb software?

  If you give them the Domain.sites2 file that iWeb used to create the site  they will be able to open it with iWeb application (it has to be the same version as you have) and make changes.  But if you're expected to also make changes you'll need a way to send that file back and forth between the two. 
  Also there's an online MacWorld article that describes a way that both of you could manage the site using Dropbox.  Look at Managing an iWeb site from multiple Macs.
  OT

• DO Corp. owned iPhones brick when wiped (employee registered for "Find My iPhone" with their iTunes account)

  We issue Corp. owned iPhones to employees.  If the employee registers the phone for "Find My iPhone" using their personal iTunes account, if the employee leaves or is terminated and we have to wipe the phone, does the phone brick?

  They do not brick, but it would be necessary to either turn off Find My iPhone prior to restoring the device or knowing the Apple ID/password that the Find My iPhone was setup with to turn it off afterwards.
  Without this information, the device would be useless.

• Can I pay for a Photo Book using my iTunes account?

  I'm trying to pay for a photo book using my iTunes account balance.  The process seems to take me to a Credit Card input field only!

  Greetings,
  Not an iTunes Gift Card I'm afraid:
  "iTunes gift certificates can be used to purchase movies, TV shows, music and music videos, as well as audiobooks from the iTunes Store." http://support.apple.com/kb/HT2737
  For physical items from Apple you would want an "Apple Gift Card" (Which are only for physical items from the Apple Online Store): http://store.apple.com/us/personalize/apple?product=MA210LL/C
  Cheers!

• Powershell script for removing some users from a particular Site Collection

  Hi,
  I am looking for a PowerShell script to delete a few users from a particular Site Collection. I am unable to delete them from/_catalogs/Users/simple.aspx page therefore need some other medium to
  delete users from the site collection.
  My ultimate aim is to have no user profile with "tp_deleted" field's value as 0 in the USERINFO table. Currently there are about 40 odd users with this field's value as 0 and this is affecting my crawling of this content database.

  Thanks for the reply Alex & eHaze,
  I have a content source of root site which crawls all the site collections under it. Out of the 9 site collections, only 8 are getting crawled and 1 doesn't get crawled at all. The error in the crawl logs is 
  The SharePoint item being crawled returned an error when requesting data from the web service. ( Error from SharePoint site: Value does not fall within the expected range. )
  I tried a lot of things, searched over the net and finally found
  this which helped me solve the same issue in my development environment. I deleted these users from userInfo table and ran a full crawl. And the issue was fixed.
  Now since I cannot delete the users from userInfo table directly from PROD environment, I used .../_catalogs/Users/simple.aspx list
  to delete users from this site collection. While some of the users I could delete, quite a few I could not. Clicking on the profile redirected me to the home page rather than the info page of the profile. 
  This
  is why I have to delete these users from the site collection.
  Alex - the link you shared, I guess it is for a web application level.
  eHaze - the script you shared throws this error:
  Get-SPSite : Cannot find an SPSite object with Id or Url: http://dev-apps/divisions/BT. At C:\PowerShell Scripts\DeleteUserFromSiteCollection1.ps1:4 char:19
  + $site = get-spsite <<<< $siteURL
  + CategoryInfo : InvalidData: (Microsoft.Share...SPCmdletGetSite:
  SPCmdletGetSite) [Get-SPSite], SPCmdletPipeBindException
  + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletGetSite
  You cannot call a method on a null-valued expression.
  At C:\PowerShell Scripts\DeleteUserFromSiteCollection1.ps1:9 char:27
  + $site.SiteUsers.Remove <<<< ($LoginName)
  + CategoryInfo : InvalidOperation: (Remove:String) [], RuntimeExc
  eption
  + FullyQualifiedErrorId : InvokeMethodOnNull
  hope this info helps.

• Using Echo Command in PowerShell Script for Configuration Item

  Hello All,
  Before you tell me to post my PowerShell question to the PowerShell Forum, please know that the PowerShell portion of my task works just fine. It is the SCCM portion of my task that keeps failing, so that is why I am here. To give some background...
  There are two servers in our SCCM test environment. Both the SCCM server and SQL DB server are 2012, patched and updated.
  Test servers in my Device Collection being used for running Baselines and Reports against are 2008R2 and 2012, patched and updated.
  I have created a Configuration Item that checks to see if the FTP Server Role Feature has been installed on a 2008 or 2012 server. To do the check, I am using the following PowerShell script:
  (get-windowsfeature -Name Web-Ftp-Server).Installed
  When I log into my 2008R2 and 2012 test servers, and run this command directly on the server, it will return a "True" if the FTP Server Role Feature is installed on either server, and a "False" if it is not installed. Basically,
  it works as advertised.
  When I setup my Configuration Item and then deploy my Baseline, or run a report against my device collection of test servers, SCCM will return a correct response (True or False) for the 2012 test server, but throws the following error for the 2008R2
  server:
  0x87df00329 application requirement evaluation or detection failed
  Google searches for this have not been very helpful.
  Now, when I created the Configuration Item and referenced PowerShell, the configuration screen has the following note:
  "Specify the script to find and return the value to be assessed for compliance on client devices. Use the echo command to return the script value to Configuration Manager."
  Since I did not include an echo command in my PowerShell script above, I figured that was my problem, so I did the following:
  Logging onto both of my test servers (2008R2 & 2012) I was able to successfully run the following PowerShell commands and get the expected responses of True or False:
  (get-windowsfeature -Name Web-Ftp-Server).Installed | echo
  (get-windowsfeature -Name Web-Ftp-Server).Installed | write-output (http://technet.microsoft.com/en-us/library/hh849921.aspx)
  (get-windowsfeature -Name Web-Ftp-Server).Installed | write-host (http://technet.microsoft.com/en-us/library/ee177031.aspx)
  However, when I use any of these PowerShell commands in my Configuration Item, NEITHER of my test servers returns a response to the SCCM server.
  When I check the report, both servers show as "Unknown" and when I click on the number 2 (as in 2 servers unknown), the following report page (List of unknown assets for a configuration baseline) has absolutely no data/information at all.
  So...I am at a loss.
  SCCM tells me to use an echo command to return a script value to Configuration Manager. The PowerShell scripts above, with the various echo related commands, work just fine on the servers themselves, but they return no information when run via SCCM.
  What am I missing?
  Any help will be appreciated.
  Thanks in advance for your time.

  Sorry for my ignorance, but I don't understand. (I forgot to mention that I am new at both PowerShell and SCCM.)
  After I change the PowerShell script to add the echo/write-output/write-host cmdlet, I open the ConFig Item and "Clear" the PowerShell script and then re-add it. When I do that, it correctly shows the change in the ConFig Item.
  Next I open the Baseline, then open the ConFig Item within the Baseline to make sure the change is reflected there as well, which it is.
  I then deploy the Baseline to my Device Collection. After that, I run a report against the Baseline and Device Collection and it returns the "Unknown" result.
  If I open the PowerShell script and remove the echo/write-output/write-host cmdlet, then go through the rest of the process of updating and reporting, the result it returns changes, showing one server in compliance and the other server out of compliance,
  which leads me to think that all changes have taken correctly.
  Does that sound right? If I manually deploy the Baseline, is that the same as the client retrieving policies from the management point?
  Sorry to be so thick but I'm learning as I go.
  Thanks again for your help.

• SharePoint 2010 Powershell scripting for user profile

  Please help to have a powershell script which will provide the details related to user profile service application like:
  Number of user profiles:
  Number of user properties
  Number of Organization properties
  Number of Organization profiles
  Number of Audiences
  Un compiled Audiences
  Audience Compilation status
  Last compilation time
  Synchronization schedule
  Santosh sethi

  Hi,
  If you're looking for prewritten scripts, you can check these two places:
  http://gallery.technet.microsoft.com/scriptcenter
  http://get-spscripts.com/
  You should read this too:
  http://social.technet.microsoft.com/Forums/scriptcenter/en-US/a0def745-4831-4de0-a040-63b63e7be7ae/posting-guidelines?forum=ITCG
  Let us know if you have any specific questions.
  Don't retire TechNet! -
  (Don't give up yet - 12,830+ strong and growing)