Several users discussed how to set up a trigger for identifying unused VMs older than 45 days, specifically in relation to the ControlUp environment. Suggestions were given about using the built-in Session Activity report or APIs to identify machines with no recent logins. Some users mentioned testing and recoding scripts for different hypervisors. One user also brought up the issue that not all VMs have a Horizon agent.
Read the entire ‘Setting Up a Trigger for Identifying Unused VMs in ControlUp Focus Discussion.’ thread below:
I’d like to setup a trigger to identify any unused VMs older than 45 days. Has anyone done this before? We have persistent VMs used by contractors, and we are not alerted when their contract ends…
What hypervisor? We have one for Azure and are currently testing one for Citrix (on-prem and cloud)
AZ Show Resources Not Used in Time Period – ControlUp Script Library
vSphere on Prem running Omnissa Horizon workloads
I thought about searching for logonEventID = 4624 and parsing it for a date…
Where Omnissa have just announced that they won’t be producing a new PowerShell module after the current one stops working when they completely move away from SOAP (to REST)! 😒 It’s a good job that I’ve already recoded (but not released) many of our existing Horizon scripts to use REST.
A VMware/Omnissa one could come relatively soon as the idea was that the Citrix one that is currently in test, using ControlUp Streaming DB data to get usage (or lack of it), could be fairly easily extended to cover Horizon too – watch this space!
My issue is that not all of the VMs have a Horizon agent. Some are just VMs running in vSphere that users RDP into. The REST API would not see those VMs. But they all have ControlUp agents.
I was thinking of how I could use something like this.
PowerShell Script: Get Last User Logon Time with 90-Day Alert
Define the logon event ID for successful logons
$logonEventID = 4624
Get the most recent logon event (excluding system accounts)
$lastLogon = Get-WinEvent -FilterHashtable @{
LogName = ‘Security’
ID = $logonEventID
} -MaxEvents 1000 | Where-Object {
$_.Properties[5].Value -ne ‘ANONYMOUS LOGON’ -and
$_.Properties[5].Value -ne ‘SYSTEM’
} | Sort-Object TimeCreated -Descending | Select-Object -First 1
if ($lastLogon) {
$user = $lastLogon.Properties[5].Value
$time = $lastLogon.TimeCreated
Write-Output "Last user logon: $user at $time"
# Calculate days since last logon
$daysSinceLogon = (New-TimeSpan -Start $time -End (Get-Date)).Days
# Trigger alert if more than 90 days
if ($daysSinceLogon -gt 90) {
Write-Warning "ALERT: Last user logon was more than 90 days ago!"
}
} else {
Write-Output "No user logon events found."
}
Hi @member, since you have the CU agents on these machines, why not use the built-in Session Activity report?
select custom timeframe for last 45 days, select the relevant EUC / Machines folder, and check which machines did have logins in the last 45 days
all other machines had zero logins in the last 45 days
you can also export this data via our API, and compare to list of existing Horizon machines using a script
Continue reading and comment on the thread ‘Setting Up a Trigger for Identifying Unused VMs in ControlUp Focus Discussion.’. Not a member? Join Here!
Categories: All Archives, ControlUp Scripts & Triggers