If you are auditing logons (see tip 264), look in the security event log. If your protocol is TCP/IP, you can use the following method:
1. Open a command prompt (CMD.EXE).
2. Type: net send "UserName" "** auto-locator - do NOT respond. **"
3. type: nbtstat -c
| Name | Type | Host Address | Life \[sec\] |
| <SNIP> | |||
| JENNIFER | <03> UNIQUE | xxx.xxx.xxx.xxx | ... |
| JSI0013 | <03> UNIQUE | xxx.xxx.xxx.xxx | ... |
| <SNIP> |
4. Locate the Type <03> record for UserName and record the Host Address.
5. Locate the other Type <03> record for that Host Address.
You can partially automate this with LOCATENM.BAT
@echo off
echo Usage: LOCATENM "UserName"
net send "%1" "** auto-locator - do NOT respond. **"
nbtstat -c>%TEMP%\LOCATENM.LOG
findstr /b /i /c:"%1" %TEMP%\LOCATENM.LOG
findstr /i /c:"" %TEMP%\LOCATENM.LOG>%TEMP%\LOCATEIP.LOG
echo Type:
echo LOCATEIP xxx.xxx.xxx.xxx
where LOCATEIP.BAT contains:
@echo off
findstr "%1" %TEMP%\LOCATEIP.LOG
