How do you find out who is logged on to remote windows machines?
I'm using psloggedon at the moment, but it gives me only one computer at a time.
psloggeon \\172.21.0.5
Is there a better way how to scan a whole subnet ? Preferably some GUI application.
not a GUI, but:
for /L %x in (2,1,254) do psloggedon \\172.21.0.%x
will do a scan from 172.21.0.2-254. You can also nest:
for /L %z in (16,1,31) do for /L %x in (1,1,254) do psloggedon \\172.21.%y.%x
This will scan the 172.21.{16-31}.x subnets.
I found this script. It scans a whole domain and gives you a nice output (computer name and user name).
whoisloggedinwhere.bat > users.txt
@echo off
setlocal
for /f "Tokens=1" %%c in ('net view /domain:"%USERDOMAIN%"^|Findstr /L /C:"\\"') do (
for /f "Tokens=*" %%u in ('PsLoggedOn -L %%c^|find /i "%USERDOMAIN%\"') do (
call :report %%c "%%u"
)
)
endlocal
goto :EOF
:report
set work=%1
set comp=%work:~2%
set user=%2
set user=%user:"=%
call set user=%%user:*%USERDOMAIN%\=%%
@echo %comp% %user%
This script uses PsLoggedOn.
I write the user name into the computer description property using a logon script, which lets me see everything in AD Users & Computers, do searches on it, and so on. Very handy.
You can detect a user being locally logged on to a workstation by querying WMI through the following PowerShell script. It returns the name of whoever is logged on locally or the empty string.
function logged_in($host_name) {
(get-wmiobject -class Win32_ComputerSystem -computername $host_name `
-namespace "root\CIMV2").UserName
}
If the servers are running Terminal Services, you can use Terminal Services Manager to view the servers in a domain and who is logged on to them. It is GUI and can be found under
Start -> Administrative Tools -> Terminal Services Manager
qwinsta is another dos command, but it'll still only give you one at a time...
C:\>qwinsta /server:test_srv
SESSIONNAME USERNAME ID STATE TYPE DEVICE
console test_usr 0 Active wdcon
rdp-tcp 65536 Listen rdpwd
I'm surprised nobody has mentioned loggedon2 yet, which I've been using for quite a few years. It's the GUI implementation you asked for and is available here.
I'm not sure where I got it but I have this code laying around that shows users on a machine. You can wrap this in a for each loop to scan a bunch of machines. I would say that if you want to know who's logged on to a system the simplest way is to turn on login auditing and look at (or query) the security log. Here's the code to see who's on at any given moment:
' PARAMETERS
'
strComputer = "machineName" ' use "." for local computer
strUser = "domain\user" ' comment this line for current user
strPassword = "password" ' comment this line for current user
' CONSTANTS
'
wbemImpersonationLevelImpersonate = 3
wbemAuthenticationLevelPktPrivacy = 6
'=======================================================================
' MAIN
'=======================================================================
' Connect to machine
'
If Not strUser = "" Then
' Connect using user and password
'
Set objLocator = CreateObject("WbemScripting.SWbemLocator")
Set objWMI = objLocator.ConnectServer _
(strComputer, "root\cimv2", strUser, strPassword)
objWMI.Security_.ImpersonationLevel = wbemImpersonationLevelImpersonate
objWMI.Security_.AuthenticationLevel = wbemAuthenticationLevelPktPrivacy
Else
' Connect using current user
'
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
End If
' Get OS name
'
Set colOS = objWMI.InstancesOf ("Win32_OperatingSystem")
For Each objOS in colOS
strName = objOS.Name
Next
If Instr(strName, "Windows 2000") > 0 Then
'-------------------------------------------------------------------
' Code for Windows 2000
'-------------------------------------------------------------------
' Get user name
'
Set colComputer = objWMI.ExecQuery("Select * from Win32_ComputerSystem")
For Each objComputer in colComputer
Wscript.Echo "User: " & objComputer.UserName
Next
' ------------------------------------------------------------------
Else
' ------------------------------------------------------------------
' Code for Windows XP or later
' ------------------------------------------------------------------
' Get interactive session
'
Set colSessions = objWMI.ExecQuery _
("Select * from Win32_LogonSession Where LogonType = 2")
If colSessions.Count = 0 Then
' No interactive session found
'
Wscript.Echo "No interactive user found"
Else
'Interactive session found
'
For Each objSession in colSessions
Set colList = objWMI.ExecQuery("Associators of " _
& "{Win32_LogonSession.LogonId=" & objSession.LogonId & "} " _
& "Where AssocClass=Win32_LoggedOnUser Role=Dependent" )
' Show user info
'
For Each objItem in colList
WScript.Echo "User: " & objItem.Name
WScript.Echo "FullName: " & objItem.FullName
WScript.Echo "Domain: " & objItem.Domain
Next
' Show session start time
'
Wscript.Echo "Start Time: " & objSession.StartTime
Next
End If
' ------------------------------------------------------------------
End If
'=======================================================================
