17 March 2022

Home » » Identify Machines a User is Logged Into using Carbon Black

Identify Machines a User is Logged Into using Carbon Black

  Thursday, March 17, 2022    No comments
If you have Carbon Black in your environment, you can use it to identify which machines a user account is logged into. Carbon Black collects a vast amount of data on machines and reports it to the cloud database. The following is how to use Carbon Black to list the machines:
  1. Log into the Carbon Black Cloud Portal
  2. Click the Investigate tab
  3. In the investigate search field at the top, enter the following: 
    1. Enter process_username:<username> in the search field at the top. <username> needs to be changed to the actual username you are searching for.
    2. Change the time field to the right to within one day or less
    3. Click the magnifying glass on the far right to search. 
  4. Under the filters field, scroll down to Device and it will show a list of devices the profile is currently logged into. 
As you can see in the screenshot under devices, it returned two machines my profile was logged into. 



Related Posts:

  • How to run a Powershell script as administrator Say you are deploying a package and need to run it as admin with elevated privileges. Of course if you are running the script manually, you can open up powershell with admin priviledges by running the cmd.exe as admini… Read More
  • Powershell: WMIC Product headers If you are trying to query a list of installed applications using WMIC and want to only display certain headers, here is the list of header available: wmic product get <header> Node AssignmentType Caption Descriptio… Read More
  • SCCM: SMS equivalent to updating the distribution point In SMS, in order to update the distribution point, you go to the packages and select the distribution points, and click update distribution points. The equivalent in SCCM is to go to the Software Library-->Application… Read More
  • SCCM: SMS Functions missing in SCCM As you have seen, a lot of the functions in SMS are now longer there in SCCM. For instance, you used to be able to re-run and advertisement on a specific machine. That is no longer there. There is a way to get the functions … Read More
  • SCCM: Powershell Command Line In order to run a powershell script as a task sequence/application in SCCM or MDT, you will need to use the following command line in MDT/SCCM to correctly execute the script: powershell.exe -executionpolicy bypass -File … Read More

0 comments:

Post a Comment