locked
Which computer used by a certain user RRS feed

  • Question

  • Hi everyone,

    The question is, is there a way to know which computer is used now by a certain user? i mean, if I know the user name or the profile, can I get such info?

    I know the oppiste, ie, if I have the computer name I can get who is logging in by using :

    psloggedon -l -x \\machine name 

    Best Regards

    Friday, March 9, 2012 11:25 AM

Answers

  • Hi,

    From the PsLoggedOn page:

    Usage: psloggedon [- ] [-l] [-x] [\\computername | username]
    -   Displays the supported options and the units of measurement used for output values.
    -l   Shows only local logons instead of both local and network resource logons.
    -x   Don't show logon times.
    \\computername   Specifies the name of the computer for which to list logon information.
    username   If you specify a user name PsLoggedOn searches the network for computers to which that user is logged on. This is useful if you want to ensure that a particular user is not logged on when you are about to change their user profile configuration.

    Note the username option.

    HTH,

    Bill


    Friday, March 9, 2012 4:01 PM

All replies

  • Other than querying every computer for their currently logged on users, no not really. You could if you have some kind of monitoring software running with agents on every computer. I know that for example Altiris has this functionality.

    If you want to script it yourself you could use several methods, for example the psloggedon method you are currently using. You could check for the last changed ntuser.dat in C:\Users or C:\Documents and Settings. 

    Friday, March 9, 2012 12:02 PM
  • If you are talking about logging on locally to a machine then yes; you're limited to checking for active sessions and local machine event logs.  However, if you are in a domain environment, you can check your Domain Controller logs to see when an Active Directory user account logs on and it will also tell the machine that the user is logged onto.

    Some good articles on the subject:

    http://technet.microsoft.com/en-us/library/cc787176(v=ws.10).aspx
    http://technet.microsoft.com/en-us/library/bb742435.aspx
    http://www.windowsecurity.com/articles/deciphering-authentication-events-domain-controllers.html

    Friday, March 9, 2012 12:11 PM
  • The most effective way I've come across is to see the username who is using Explorer.exe.

    Here's VB function I use in a lot of scripts

    Function fnCheckLoggedonUser(strcomputer)
     err.clear
        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
        Set colProc = objWmiService.execQuery("Select Name from Win32_Process"  & _
            " Where Name='explorer.exe' and  SessionID=0")
       
        If colProc.Count > 0 Then
            For Each oProcess In colProc
                oProcess.GetOwner strUser
                fnCheckLoggedonUser = strUser
            Next
        Else
            fnCheckLoggedonUser = ""
        End If
     End Function

    Friday, March 9, 2012 1:13 PM
  • Thanks every one,

    Mr p : Could you pls clarify more , how to use this script, is it VBS format

    Thanks

    M

     

    Friday, March 9, 2012 2:16 PM
  • Yes it's vbs.

    it's written as a function so it can be incluced in another script and called.  See here for information about subs and scripts

    http://technet.microsoft.com/en-us/library/ee176984.aspx

    If you just want to use it standalone copy the code below into notepad and save it as userloggedon.vbs

    When you run it it will ask you to enter a PC name and then pop up a message box with the logged on user

    StrComputer =InputBox("Enter computer name")

        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
        Set colProc = objWmiService.execQuery("Select Name from Win32_Process"  & _
            " Where Name='explorer.exe' and  SessionID=0")
       
        If colProc.Count > 0 Then
            For Each oProcess In colProc
                oProcess.GetOwner strUser
                fnCheckLoggedonUser = strUser
            Next
        Else
            fnCheckLoggedonUser = "nobody is logged into the PC"
        End If

    Msgbox fnCheckLoggedonUser & " is logged onto " & strcomputer

    To make it more robust you might want to add a ping routine to check the computer is switched on.

    Friday, March 9, 2012 2:28 PM
  • Thanks for that I tried it and it is working fine BUT I'm looking for the oppisite i.e to enter a user name and to come up with loggin in machine
    Friday, March 9, 2012 3:19 PM
  • Hi,

    As others have mentioned, you will need a way to enumerate all computers and see who is logged on. You are already are of PsLoggedOn; why not try that?

    C:\>psloggedon username

    Bill

    Friday, March 9, 2012 3:24 PM
  • The only natively central way to do this is to query the DC security logs like I already stated.  If you don't want to do that, you have to write a script to grab this information, store it somewhere (share, database, etc.) and then you can do that part you're looking for:  run a direct query on the storage entity to find which user was on which computer.
    Friday, March 9, 2012 3:25 PM
  • Sorry that is a trickier question and there isn't an easy answer.

    Solutions we use in my organsiation are, querying the virus scanner database.  The central virusscan database communicates with clients every 15 minutes and one of the pieces of information it passes is who's logged on to te device. It's a relatively easy bit of scripting to write a SQL query to pull this information from the database.  Have a look in your infrastructure and see if you have a database that regularly collects this information.

    We also have login script that writes the clients IP to the properties of their AD user account. To link them to a PC all you need to do is ping -a the IP and parse the results.

    I realise both of these solutions take a little effort but I don't think there's an easy way to do it.

    If you're interested in the code to do either of these methods let me know.

    Cheers

    Alex

    Friday, March 9, 2012 3:54 PM
  • Hi,

    From the PsLoggedOn page:

    Usage: psloggedon [- ] [-l] [-x] [\\computername | username]
    -   Displays the supported options and the units of measurement used for output values.
    -l   Shows only local logons instead of both local and network resource logons.
    -x   Don't show logon times.
    \\computername   Specifies the name of the computer for which to list logon information.
    username   If you specify a user name PsLoggedOn searches the network for computers to which that user is logged on. This is useful if you want to ensure that a particular user is not logged on when you are about to change their user profile configuration.

    Note the username option.

    HTH,

    Bill


    Friday, March 9, 2012 4:01 PM
  • The psolggedon /username is only really suitable for fairly small networks.

    It connects to HKU key on every Pc  to see who's logged on. The thread on the sysinternals thread here

    http://forum.sysinternals.com/psloggedOn-never-seems-to-work_topic11562.html

    says it took 8 hours scan a network of 1500 devices. This might not be the right appraoch for everyone.

    Monday, March 12, 2012 9:55 AM
  • That is why a local agent reporting the logged on properties would be the best solution. You could however run multiple psloggedon commands simultaneously using scripts so it can be used to scale to larger organizations. 
    Monday, March 12, 2012 10:06 AM
  • Or may be an easier option is to use one of the network utlity which shown the machine name, ip address, logged in user....

    I'm planning to use ( http://www.mylanviewer.com/) any other suggested one?

    Monday, March 12, 2012 3:20 PM
  • Another option would be logon and logoff scripts (configured in group policy) that log username, computername, and date to a shared log file. I have examples linked on this page:

    http://www.rlmueller.net/Logon5.htm

    I also link a VBScript program to parse the resulting log file for user sessions. Or the log file can be read by a spreadsheet program, where you can sort by user and date. Anyone that has logged into a computer, but has not yet logged off, must still be logged on (unless the machine crashed before they could log off).


    Richard Mueller - MVP Directory Services

    Monday, March 19, 2012 4:11 PM