{"id":208143,"date":"2023-11-29T13:49:16","date_gmt":"2023-11-29T13:49:16","guid":{"rendered":"https:\/\/www.ninjaone.com\/script-hub\/monitorare-ultimo-accesso-di-un-utente-2\/"},"modified":"2024-03-04T19:04:04","modified_gmt":"2024-03-04T19:04:04","slug":"monitorare-ultimo-accesso-di-un-utente-2","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/it\/script-hub\/monitorare-ultimo-accesso-di-un-utente-2\/","title":{"rendered":"Come monitorare l’ultimo accesso di un utente con PowerShell"},"content":{"rendered":"

Nella moderna gestione IT, uno dei compiti pi\u00f9 importanti \u00e8 il monitoraggio degli account utente, in particolare l’identificazione di quelli inattivi. Questa attivit\u00e0 va oltre una semplice questione di ordine. \u00c8 direttamente collegata alla sicurezza, alla conformit\u00e0 e alla gestione efficiente delle risorse. Oggi analizzeremo uno script PowerShell che\u00a0consente di monitorare l’ultimo accesso di un utente<\/strong>.<\/p>\n

Background<\/h2>\n

Lo script per monitorare l’ultimo accesso di un utente che andremo ad analizzare \u00e8 progettato per identificare e segnalare gli account utente in base al loro ultimo orario di accesso, in particolare quelli che non sono stati utilizzati per un periodo di tempo specificato. Garantire l’identificazione e la gestione degli account inutilizzati \u00e8 fondamentale per i professionisti IT e i provider di servizi gestiti (MSP)<\/a>. Gli account inattivi comportano rischi per la sicurezza e spesso diventano facili bersagli per i criminali informatici. Inoltre, per le organizzazioni soggette a normative di conformit\u00e0, il monitoraggio dell’attivit\u00e0 degli utenti e la disabilitazione degli account non utilizzati possono essere uno dei requisiti a cui attenersi.<\/p>\n

Lo script per monitorare l’ultimo accesso di un utente<\/h2>\n

#Requires -Version 5.1\r\n\r\n<#\r\n.SYNOPSIS\r\n    Returns exit code of 1 if any Enabled accounts that haven't been logged in over 90 days or a custom amount of days.\r\n.DESCRIPTION\r\n    Returns exit code of 1 if any Enabled accounts that haven't been logged in over 90 days or a custom amount of days.\r\n.EXAMPLE\r\n    No parameters needed.\r\n    Returns exit code of 1 if any Enabled accounts that haven't been logged in over 90 days.\r\n.EXAMPLE\r\n    -IncludeDisabled\r\n    Returns exit code of 1 if any Enabled or Disabled accounts that haven't been logged in over 90 days.\r\n.EXAMPLE\r\n    -Days 60\r\n    Returns exit code of 1 if any Enabled accounts that haven't been logged in over 60 days.\r\n.EXAMPLE\r\n    -Days 60 -IncludeDisabled\r\n    Returns exit code of 1 if any Enabled or Disabled accounts that haven't been logged in over 60 days.\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    Minimum OS Architecture Supported: Windows 7, Windows Server 2012\r\n    Exit code 1: Found users that haven't logged in over X days and are enabled.\r\n    Exit code 2: Calling \"net.exe user\" or \"Get-LocalUser\" failed.\r\n    Release Notes:\r\n    Initial Release\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n.COMPONENT\r\n    ManageUsers\r\n#>\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter()]\r\n    [int]\r\n    $Days = 90,\r\n    [Parameter()]\r\n    [switch]\r\n    $IncludeDisabled\r\n)\r\n\r\nbegin {}\r\nprocess {\r\n    if ($Days -lt 0) {\r\n        # Change negative days to the expected positive days\r\n        $Days = 0 - $Days\r\n    }\r\n    $Accounts = if ($(Get-Command \"Get-LocalUser\").Name -like \"Get-LocalUser\") {\r\n        try {\r\n            Get-LocalUser | Select-Object Name, Enabled, SID, LastLogon\r\n        }\r\n        catch {\r\n            exit 2\r\n        }\r\n    }\r\n    else {\r\n        # Get users from net.exe user\r\n        $Data = $(net.exe user) | Select-Object -Skip 4\r\n        # Check if the command ran the way we wanted and the exit code is 0\r\n        if ($($Data | Select-Object -Last 2 | Select-Object -First 1) -like \"*The command completed successfully.*\" -and $LASTEXITCODE -eq 0) {\r\n            # Process the output and get only the users\r\n            $Users = $Data[0..($Data.Count - 3)] -split 's+' | Where-Object { -not $([String]::IsNullOrEmpty($_)) }\r\n            # Loop through each user\r\n            $Users | ForEach-Object {\r\n                # Get the Account active property look for a Yes\r\n                $Enabled = $(net.exe user $_) | Where-Object {\r\n                    $_ -like \"Account active*\" -and\r\n                    $($_ -split 's+' | Select-Object -Last 1) -like \"Yes\"\r\n                }\r\n                # Get the Last logon property\r\n                $LastLogon = $(\r\n                    $(\r\n                        $(net.exe user $_) | Where-Object {\r\n                            $_ -like \"Last logon*\"\r\n                        }\r\n                    ) -split 's+' | Select-Object -Skip 2\r\n                ) -join ' '\r\n                # Get the Password last set property\r\n                $PasswordLastSet = $(\r\n                    $(\r\n                        $(net.exe user $_) | Where-Object {\r\n                            $_ -like \"Password last set*\"\r\n                        }\r\n                    ) -split 's+' | Select-Object -Skip 3\r\n                ) -join ' '\r\n                # Output Name and Enabled almost like how Get-LocalUser displays it's data\r\n                [PSCustomObject]@{\r\n                    Name      = $_\r\n                    Enabled   = if ($Enabled -like \"*Yes*\") { $true }else { $false }\r\n                    LastLogon = if ($LastLogon -like \"*Never*\") { [DateTime]::Parse($PasswordLastSet) } else { [DateTime]::Parse($LastLogon) }\r\n                }\r\n            }\r\n        }\r\n        else {\r\n            exit 2\r\n        }\r\n    }\r\n    $Output = $Accounts | Where-Object {\r\n        if ($IncludeDisabled) {\r\n            $_.LastLogon -lt $(Get-Date).AddDays(0 - $Days)\r\n        }\r\n        else {\r\n            $_.Enabled -and $_.LastLogon -lt $(Get-Date).AddDays(0 - $Days)\r\n        }\r\n    }\r\n    $Output | Out-String | Write-Host\r\n    if ($null -ne $Output) {\r\n        exit 1\r\n    }\r\n}\r\nend {}<\/pre>\n
 <\/p>\n
Accedi a oltre 700 script nel Dojo di NinjaOne<\/p>\n
Ottieni l’accesso<\/a><\/p>\n<\/div><\/p>\n
Analisi dettagliata<\/h2>\n
Lo script per monitorare l’ultimo accesso di un utente inizia impostando una durata predefinita di 90 giorni per verificare l’inattivit\u00e0. Utilizza quindi il cmdlet “Get-LocalUser” o il comando “net.exe user”, a seconda di ci\u00f2 che \u00e8 disponibile.<\/p>\n