Stop asking “What Computer are You On”! Instead use Active Directory and Group Policy to search for you! In this post, we are going to set Active Directory to automatically record where users login. And when a user calls, Active Directory Users and Computers will let us instantly remote into their computer and will find out what computer a user logged into. In short, you will be able to click on any computer in your domain and see the current logged in user. All within Active Directory Users and Computers!
Wouldn’t it be nice to find the last user that logged on to a computer and automatically remote in to that computer? To be able to simply type a user’s first name and instantly see their machine? By embedding a script within our Active Directory Users and Computers console, we can easily do this! But first, read Part 1 of this guide before continuing.
The first thing you will need is some type of remote desktop tool. Personally, I use Netsupport. Other products, such as a VNC client, GenControl, or even Remote Assistance, will work great. Next, you will want to create a custom MMC for Active Directory Users and Computers. We will cover those steps in just minute. To give you an idea of how much time you will save, take a look at the picture to the left. This menu is always visible when I am using Active Directory Users and Computer. By clicking on the second to last button (User: NSM into Logged in Computer), I can simply type the name of a user and instantly remote into their computer!
Create the Custom MMC
By customizing a MMC with Active Directory Users and Computers, you will gain several seldom used features. The two biggest are Favorites and TaskPads. Favorites allow quick access and is very useful if your organization has a lot of OUs. TaskPads allow you to add extra features to Active Directory Users and Computers through scripts. Here are the short steps to create the MMC:
- Launch MMC and load the Active Directory Users and Computer Snapin.
- Expand the Snapin until you can left click on an OU.
- Select Action and then New Taskpad View
- Continue through the wizard until it ends.
If needed, a very detailed guide on creating a custom MMC can be found here. When the first wizard closed, it should have opened the New Task wizard. Leave this screen up for a few minutes as we take a look at our remote control script.
I was recently asked “How can I start tracking user logins without modifying Active Directory or writing to a database?” Odd question right? Our reader, let’s call him Jose, had a few issues:
- He wasn’t allowed to modify Active Directory.
- He wasn’t allowed to set up any new servers/hardware/etc. This ruled out writing his computer logins to a database.
- He was allowed to edit Group Policy at his location. He did not have many restrictions there.
To me, it seems like his boss has their priorities a little mixed up – but oh well. Before finding out these restrictions, I referred him to these two articles:
I was hoping that the powers that could modify AD in his company would see the benefits of the solutions above. It turns out that they don’t trust this site… (or Microsoft documentation for that matter).
After a few emails back and forth, I found out what was going on and we came up with a manual hack to speeding up the whole “what computer are you on?” routine that every one of us face. We ended up using an old time tool with a modern deployment method.
With one registry change plus a deployment with Group Policy Preferences, we can stick the Computer Name under the start menu. Instead of a shortcut to Computer (or My Computer), the user sees “Computer: COMPUTERNAME”. This allows you to quickly check a computer name or to easily tell an employee how to find the computer name.