I'm trying to figure out which users are assigned to specific computers in our organization's asset management system. We mostly have an on-prem setup alongside Microsoft 365 for email, but our asset management documentation was really lacking until we started using Jira a year ago. We've only tracked a fraction of our approximate 400 devices.
I thought about using the last interactive user from each workstation, but I feel like that's not the best approach. Given that each workstation is usually a user laptop and is mostly used by one person, I'm looking for suggestions on reliable methods to identify which user a device belongs to, especially when we don't have accurate tracking in place. I'm open to using PowerShell scripts, GPO, third-party tools, or any other recommended solutions.
7 Answers
If you have a lot of shared devices, the old-fashioned way of visiting each workstation might be necessary. Once you get the data, maintaining it shouldn’t be too difficult. Just remember, for shared workstations, it might be best to label them by location rather than a specific user.
I run a daily PowerShell script that fetches the last logged in user and updates our asset tracking system (SnipeIT). It keeps everything up to date automatically, which is really handy.
You could also gather information from Lansweeper, which scans event logs. Alternatively, a PowerShell script can pull the last 4624 event to track logins and send that data to a file server.
Lansweeper could be a good solution for this. It pulls data from event logs to help you track user assignments.
Check out Microsoft Entra—it's possible to extract sign-in logs and get a CSV output. Intune also provides a 'Primary User' value that can help identify device assignments.
In my MS AD environment, I use the "Managed By" property on the Computer AD object to keep track of assigned users. I run a script that collects this data into a spreadsheet, making it easy to see which user is assigned to a given machine. This method is straightforward and works well for other devices too, like mobile hotspots.
That's a great use of the "Managed By" field! It’s definitely underutilized for user tracking.
I'd suggest collecting the last logged in user data over a couple of days to see patterns. For example, if PC A consistently shows user Jim, you can reasonably deduce that's his workstation. If you have a SIEM in place, it would make this process a lot easier.
Thanks, I’ll definitely check it out!