I need some assistance in building an analysis to determine the last logged in user and last login time, where the user is not part of a specific AD group.
the bigfix webui has this statement as a starting point:
if (name of operating system as lowercase starts with “win”) then((name of parent folder of it, modification time of it) of files “NTUSER.DAT” of folders of folder “c:\users”) as string else (“No Login Info Found”)
This currently outputs all users folder names, including ‘default’ and local admins. I would like to exclude the ‘default’ and also our admins which are a member of an AD group from the report and just output the most recent username and timestamp.
After i have the most recent user and time, I would like to have a second relevance true/false if last login time is more than 90 days ago.
Any help is appreciated,