Last user to logn to a computer?

It actually gets you most of the way there, though. Now you can just use regular old relevance to pull the information you want out of the key. So let’s figure out the available values:

q: names of values of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" of (x32 registries;x64 registries)
A: ShowTabletKeyboard
A: ShowTabletKeyboard
A: LastLoggedOnDisplayName
A: LastLoggedOnProvider
A: LastLoggedOnSAMUser
A: LastLoggedOnUser
A: LastLoggedOnUserSID
A: SelectedUserSID
A: IdleTime
A: NetworkStatusType
A: IsFirstLogonAfterSignOut
T: 0.508 ms
I: plural string

Looks like we want the value “LastLoggedOnUser”

value "LastLoggedOnUser" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" of (x32 registries;x64 registries)

That seems to work in my environment. If you aren’t already familiar with the syntax to pull basic information out of the registry, it is a very useful tool to have, so you might want to play with my simple example above to try to pull information out of other keys. This thread (which as it turns out, you submitted!) was my starting point for getting comfortable with using relevance and the registry: Getting Uninstall Strings from Registry

3 Likes