bsharath asked:

Search the network to get all users and logged on machines

Hi,

I need to find all the users and what machines they are logged in on at the moment. Is this possible?

Regards
Sharath
moorthy_kulumani

How many domain controllers are you using?

You can get this list by capturing Logon/Logoff event IDs from the security log. You can use dumpel or eventqry to get these events.

There you can find the logged-on host name, user ID, date, time, etc. You can export the required fields.

But please note that you should have enabled auditing for that.

- You can also do it the other way around.

Get the list of workstations in your domain (there are a lot of ways: from the list of computers added to your domain, a ping test of the subnet, etc.).

Then get the last logged-in user name using Reg.exe to query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName" or "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AltDefaultUserName".

At the end you will have the workstation and the last logged-in user details. But I suggest querying event IDs if you have a small number of DCs.
You could use PSLoggedOn to see who is on a specific computer.  If you have a list of the computers in your environment, then you could write a batch file with a "For" loop to automate it and write the output to a file.

http://www.microsoft.com/technet/sysinternals/Security/PsLoggedOn.mspx
bsharath (ASKER)

btpringle:

Can you give me the full code? This looks good to me....
You will need two files.  One file is a list of computers that has all of your computers, one per line (computerList.txt).  The other is the batch file (getUsers.bat).  You will also need to copy psLoggedOn.exe into the same folder.

Please note:  You will need to manually run psLoggedOn.exe one time so that you can agree to the end user license.

The batch file will create a file called "outputUserList.txt", which contains the output from each computer.  It isn't pretty, but contains the information that you need.

computerList.txt
---------------------------------------------------------------------------
ComputerName1
ComputerName2
ComputerName3
and etc...
---------------------------------------------------------------------------


getUsers.bat
---------------------------------------------------------------------------
@echo off

DEL /Q outputUserList.txt
echo Starting Log > outputUserList.txt
echo. >> outputUserList.txt
echo **************************************** >>outputUserList.txt

FOR /F %%a IN (computerList.txt) DO (
  echo Computer Name: %%a >> outputUserList.txt
  echo. >> outputUserList.txt

  FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"') DO echo User Name: %%b

>> outputUserList.txt

  echo. >> outputUserList.txt
  echo **************************************** >>outputUserList.txt
  echo. >> outputUserList.txt
 
)

---------------------------------------------------------------------------
I also found this, but it will only work if you are using WINS in your environment.

http://www.robvanderwoude.com/ntfortokens.html
A file is getting created, but with only this content:

Starting Log
 
****************************************
Did you put psLoggedOn.exe in the same folder?  

Did you run psLoggedOn.exe manually one time?

Did you create a text file called computerList.txt that has a list of all of the computers, one per line?
Yes, I did all as you said.

I put this code in the bat file. Please tell me if this is correct.

@echo off

DEL /Q outputUserList.txt
echo Starting Log > outputUserList.txt
echo. >> outputUserList.txt
echo **************************************** >>outputUserList.txt

FOR /F %%a IN (computerList.txt) DO (
  echo Computer Name: %%a >> outputUserList.txt
  echo. >> outputUserList.txt

  FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"') DO echo User Name: %%b

>> outputUserList.txt

  echo. >> outputUserList.txt
  echo **************************************** >>outputUserList.txt
  echo. >> outputUserList.txt
 
I suggest running psLoggedOn.exe manually to see what the output is on bsharath's computer, then altering the   FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"') DO echo User Name: %%b  command accordingly.
You forgot the ")" at the very end of the .bat file.  It closes the original "For" loop.  It should be as follows.



@echo off

DEL /Q outputUserList.txt
echo Starting Log > outputUserList.txt
echo. >> outputUserList.txt
echo **************************************** >>outputUserList.txt

FOR /F %%a IN (computerList.txt) DO (
  echo Computer Name: %%a >> outputUserList.txt
  echo. >> outputUserList.txt

  FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"') DO echo User Name: %%b

>> outputUserList.txt

  echo. >> outputUserList.txt
  echo **************************************** >>outputUserList.txt
  echo. >> outputUserList.txt
 
)
Also, the line that starts "FOR /F "tokens..." was split when I posted it here because the line is too long (I assume).  From there to the ">> outputUserList.txt" should all be on the same line in your batch file.
moorthy_kulumani:
For what I did, I get this:

C:\Get users>psloggedon.exe

PsLoggedOn v1.31 - Logon Session Displayer
Copyright (C) 1999-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

Users logged on locally:
     <Unknown> NT AUTHORITY\LOCAL SERVICE
     <Unknown> NT AUTHORITY\NETWORK SERVICE
     5/28/2007 6:43:49 PM    DEVELOPMENT\administrator
     5/25/2007 2:04:27 PM    DEV-CHEN-sr\Administrator
     <Unknown> NT AUTHORITY\SYSTEM

No one is logged on via resource shares.

C:\Get users>FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"')
DO echo User Name: %%b
%%b was unexpected at this time.
btpringle:

Now my script is like this.

@echo off

DEL /Q outputUserList.txt
echo Starting Log > outputUserList.txt
echo. >> outputUserList.txt
echo **************************************** >>outputUserList.txt

FOR /F %%a IN (computerList.txt) DO (
  echo Computer Name: %%a >> outputUserList.txt
  echo. >> outputUserList.txt

  FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"') DO echo User Name: %%b >> outputUserList.txt

  echo. >> outputUserList.txt
  echo **************************************** >>outputUserList.txt
  echo. >> outputUserList.txt
 
)

As mentioned, all are on the same line

>> outputUserList.txt

But still the output is just this.

Starting Log
 
****************************************
You need to do the find using your domain name or your PC name. I assume "DEV-CHEN-sr" is your PC and DEVELOPMENT is your domain.

You can decide on what ID to pull and do the find accordingly.

Find ??

The domain name and machine name are correct.

The script below should work for you. Make sure that this command is on one line.

  FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "DMN1"') DO echo User Name: %%b >> outputUserList.txt

----------------

@echo off

DEL /Q outputUserList.txt
echo Starting Log > outputUserList.txt
echo. >> outputUserList.txt
echo **************************************** >>outputUserList.txt

FOR /F %%a IN (computerList.txt) DO (
  echo Computer Name: %%a >> outputUserList.txt
  echo. >> outputUserList.txt

  FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "DMN1"') DO echo User Name: %%b >> outputUserList.txt

  echo. >> outputUserList.txt
  echo **************************************** >>outputUserList.txt
  echo. >> outputUserList.txt
 
)

Replace DMN1 with DEVELOPMENT.
The file is created and has contents like this:

Starting Log
 
****************************************
Computer Name: Dev-chen-nas01
 
 
****************************************
 
Computer Name: Dev-chen-mrd100
 
 
****************************************

I need to create 3 files.
1. getusers.bat file
2. computerlist.txt
3. outputUserList.txt

Am I correct that I should have psloggedon.exe in the same folder?

It is clear that there is some issue with  FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "DMN1"') DO echo User Name: %%b >> outputUserList.txt

1- Keep psloggedon.exe in the same folder.
2- Did you run psloggedon.exe once and agree to the license?
3- Hope the above line is on a single line.
4- Try removing ">>outputUserList.txt" from all lines. You should get it all on the screen; that might be a good way to troubleshoot. Let me know if you see anything there.


Run the following line from a command line.  It is going to be the same as the original command in the batch file, except the variables are only going to have one percent sign (%a instead of %%a, %b instead of %%b).  %computername% is a system variable that will show the name of the local computer.

See what happens.  Copy and paste the entire output from the command line here, please.

Note:  You will have to change directory to the folder that has psloggedon in it.

FOR /F "tokens=*" %b in ('psLoggedOn.exe \\%computername% -x ^| find "%computername%"') DO echo User Name: %b
Scratch that... change them from %b to %a.
Also, are you trying to check this with the computer on which you are currently signed into Windows?  In other words, are you trying this on a remote computer or a local computer?

psLoggedOn will give you no results for the local computer.  With that said, you cannot use %computername% because that will check the local computer.  Change that to the name of another workstation and try it.
I used this

C:\Get users>FOR /F "tokens=*" %b in ('psLoggedOn.exe \\dev-chen-mrd100% -x ^| f
ind "%dev-chen-mrd100%"') DO echo User Name: %a

No error nor results
Remove the % signs from around the computer name.
I get this

C:\Get users>FOR /F "tokens=*" %b in ('psLoggedOn.exe \\dev-chen-srv401 -x ^| find "dev-chen-srv401"') DO echo User Name: %b

Users logged on locally:
Users logged on locally:

C:\Get users>FOR /F "tokens=*" %b in ('psLoggedOn.exe \\dev-chen-mrd100 -x ^| find "dev-chen-mrd100"') DO echo User Name: %a

C:\Get users>echo User Name: %a
User Name: %a
Any help....
Hi Sharath, can you just try the following command with a few PCs? Let me know what you get.

Replace computername with your system name. You will get the user ID, that is, the user currently logged on to the system.

reg query "\\computername\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"  /v DefaultUserName
C:\>reg query "\\dev-ch-mrd10\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersi
on\Winlogon"  /v DefaultUserName

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    DefaultUserName    REG_SZ    sharathr
I get this.
So you are looking for this one, right? Sitting at one machine you can run this against all computers and get the names. If you are looking for the domain, you can get that also.

Let me know if you want some customized output. I can try to automate that using batch or VBS.



I need a way to find only the machine names which are in the list.

The result should be as

Machine name        Username

Is this possible...
Do you have all the machine names?
Yes, I have the machine names in a txt file.
ASKER CERTIFIED SOLUTION
moorthy_kulumani

This solution is only available to members.
FYI, this is a VBS file.
Thanks, this worked, but it scans all the machines in the network. It's not taking the data from the file.
If you are willing to spend $$$, you can accomplish this without scripting, LANDesk is what you need.  LANDesk® Management Suite http://www.landesk.com/Products/LDMS/ 

You will need to build a server and install a client on every single computer that you want to keep track of.  It can be a headache to roll out, but it works like a charm when everything is set up properly.
Any help on this?
moorthy_kulumani

Any help to just do it for a single machine or machines in the list
It works for machines in the list. I tested it a lot before I posted this.

Where do you have your machine list?

Is it in C:\ComputerList.txt? There is no way this script can search the network ...

The results will be in Junk.txt in C:\ drive.
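
An added example, not part of the original thread and not the members-only accepted solution: a batch file that combines the `reg query` command shown above with the computerList.txt file to produce the "Machine name, Username" output the asker described. It assumes the account running it has administrative rights on each target and that the Remote Registry service is reachable there; `NO_RESULT` is a placeholder chosen for this example. As noted earlier in the thread, DefaultUserName holds the last logged-in user name, so treat the result as "last interactive logon".

```batch
@echo off
setlocal EnableDelayedExpansion

rem Added example, not code from the thread.
rem Input : computerList.txt, one machine name per line, same folder.
rem Output: outputUserList.txt, one "machine,user" row per machine.
set "KEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "OUT=outputUserList.txt"

> "%OUT%" echo Machine name,Username

rem reg.exe prints a value line of the form: DefaultUserName REG_SZ name
rem The inner loop keeps only that line, skips the first two fields,
rem and stores the remainder as the user name.
rem Errors from unreachable machines are discarded with 2^>nul, so such
rem machines fall through to the NO_RESULT row.
for /F "usebackq tokens=1" %%a in ("computerList.txt") do (
  set "LASTUSER="
  for /F "tokens=2,*" %%b in ('reg query "\\%%a\%KEY%" /v DefaultUserName 2^>nul ^| find "REG_SZ"') do set "LASTUSER=%%c"
  if defined LASTUSER (
    >> "%OUT%" echo %%a,!LASTUSER!
  ) else (
    >> "%OUT%" echo %%a,NO_RESULT
  )
)

endlocal
```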