If you are auditing logons (see tip 264), look in the security event log. If your protocol is TCP/IP, you can use the following method:

1. Open a command prompt (CMD.EXE).
2. Type: net send "UserName" "** auto-locator - do NOT respond. **"
3. type: nbtstat -c

 Name   Type   Host Address   Life \[sec\] 
          <SNIP>    
 JENNIFER   <03> UNIQUE   xxx.xxx.xxx.xxx   ... 
 JSI0013   <03> UNIQUE   xxx.xxx.xxx.xxx   ... 
          <SNIP>    

4. Locate the Type <03> record for UserName and record the Host Address.
5. Locate the other Type <03> record for that Host Address.

You can partially automate this with LOCATENM.BAT

@echo off
echo Usage: LOCATENM "UserName"
net send "%1" "** auto-locator - do NOT respond. **"
nbtstat -c>%TEMP%\LOCATENM.LOG
findstr /b /i /c:"%1" %TEMP%\LOCATENM.LOG
findstr /i /c:"" %TEMP%\LOCATENM.LOG>%TEMP%\LOCATEIP.LOG
echo Type:
echo LOCATEIP xxx.xxx.xxx.xxx

where LOCATEIP.BAT contains:

@echo off
findstr "%1" %TEMP%\LOCATEIP.LOG