We deploy software via another deployment tool which delivers the package at user login. We are using BF(amongst other things) to audit the second tool to either fix it or replace it. Are there any RPs to show the last login time similar to the system up time?
nevermind. found that by using wmi to check when the process explorer.exe was created functions as a check on how long a user has been logged into the system (or the last time explorer crashed).
substring before “.” of (substring after “=” of ((property “CreationDate” of select object “* FROM Win32_Process where description = ‘explorer.exe’” of wmi) as string))
How did you cast that as a “time” so that you could determine time since logon? I tried to prepend “now -” in front of your relevance, but this yields an error since the relevance returns a substring. I couldn’t cast it as a time or date.
Also, does anyone know if the creation time of a process be retrieved using an inspector other than wmi? I couldn’t find anything searching the existing inspectors. There appears to be a process object for non-windows OS but it has very limited properties.
i just cast the time as a string since we did not need it to do anything else other than serve as a marker.
The time comes out as 20071015120132 so said the first 8 were the date and the last 6 was the time. You can probably take it from there, but that was all I needed.
DATE
first 8 of (substring before “.” of (substring after “=” of ((property “CreationDate” of select object “* FROM Win32_Process where description = ‘explorer.exe’” of wmi) as string)))
TIME
last 6 of (substring before “.” of (substring after “=” of ((property “CreationDate” of select object “* FROM Win32_Process where description = ‘explorer.exe’” of wmi) as string)))