5 Replies Latest reply on Nov 14, 2017 3:42 PM by GaryH

    Suggesting for Querying for a range of logon time

    Apprentice

      We have a combination of 24 hour boxes running 12 hour shifts and boxes that run typical Monday-Friday 8-5.

       

      I know I can push a form out asking user to identify what category their box falls into but I want to do it by query if possible.  But the parameters I have to work with might not be ones I can query.

       

      8-830 box are usually the same user but not necessarily, and the 24 hour boxes are twelve our shifts where the most recent log on is either around 6 am or 6pm.  Without pushing out a form, or tagging machines, any way you know to query a particular logon time of day rather than date or something else I just have not thought of?? Thanks.

        • 1. Re: Suggesting for Querying for a range of logon time
          Apprentice

          Sorry. Landesk 2017. the normal day is 8-5 not 8-830. Wouldn't that be nice. or not.

          • 2. Re: Suggesting for Querying for a range of logon time
            cjensen SupportEmployee

            Hi Gary,

             

            The only thing I think you could attempt to create a query based upon the OS > Last Logon Date information within inventory, however, if you have users that fall within the different scheduled work time, this may not be helpful. In this instance, it may be best to utilize the form data as I don't believe there will be any kind of attribute that is collected that would be completely accurate.

             

            Thanks

            • 3. Re: Suggesting for Querying for a range of logon time
              phoffmann SupportEmployee

              2017 helps - but which version (2017.1 or 2017.3 - and what service update). Not super-relevant in this case, but a good habit to get into!

               

              So... there's a couple of things that may help / be useful to you here:

               

              1 - With IEM 2017 we started tracking Logon events (may have been 2016 potentially, but 2017 has it for sure). See here as an example (this is from one of my VM's so obviously it'll look a mite odd...):

               

              ... but you get the idea .

               

              If you can determine the nature of a device based on its logon/logoff behaviour (though you harboured doubts?) you might be able to assign devices to device groups  ("shift" versus "8-5") as a starter for 10.

               

              How do you get to this data -- well, this may help for one -- Getting started with Patch Reporting (SQL, Tables & such) -- if you're not comfortable with SQL yourself, this would be a good time to go buy your SQL admin a coffee / doughnuts / whatnot (in my experience, most IT people just want to get fed, and it's been a great way to "jump the queue" in priority all of a sudden for many years) .

               

              2 - If your 8-5 devices get shut down at the end of the day, you could pick up OS uptime as some custom data (simple WMI custom data). It's the same concept as picking up a registry key

               

              ... and this article may help too --Scanning for Custom WMI Items -- if you've never done it.

               

              3 - You could write a little powershell script (or whatever) that determines whether a device is an 8-5 or an 12/12-shift device based on "something" (locked screen from 5 pm to 8 am ?) and cough its expected result out in a registry key -- that you can then pick up as custom data?

               

              4 - Don't forget the following when playing with custom data:

               

              ==========

               

              I'd argue "this should be" some sort of attribute that should exist in AD as well, at the very least (such as a "8-5"-container and a "shift"-container) -- which may be an idea going forward (so you have this data in a 2nd place - should something happen to your IEM install). Because we pull machine AD group information as part of inventory, that'd be a super simple query to sort out .

               

              ... that's the sort of approach I'd use to tackle the problem.

              Step 1 - identify a way that you can categorise devices.

              Step 2 - MARK the devices (locally at least, so you can pick it up as custom data).

              Step 3 - make sure that identifying attribute

              Step 4 - profit .

              • 4. Re: Suggesting for Querying for a range of logon time
                Apprentice

                Thanks. Yeah, I can get a real good idea of which type of machine is which now just by querying for logins and sort out the ones from the other.  Just want to do it in a dynamic query.

                 

                To be honest, it's a bit of a moot point now because we were going to set different maintenance windows, but even on a 12 shift computer, 1-4 am is the best time.  and of course 8 to 5 boxes can be any time after 5 pm.  So no need to differentiate now.  In the future, we may just tag from time to time and change as needed - if we ever needed.  But I do need to do more with custom scripting and you have pointed me in the right direction.

                 

                Thanks.

                • 5. Re: Suggesting for Querying for a range of logon time
                  Apprentice

                  Again, I looked at all your help and I am really thankful for all you did to help.