bsharath
asked on
Search the network to get all users and logged on machines
Hi,
I need to find all the users on what machines they are logged in at the movement is this possible.
Regards
Sharath
I need to find all the users on what machines they are logged in at the movement is this possible.
Regards
Sharath
You could use PSLoggedOn to see who is on a specific computer. If you have a list of the computers in your environment, then you could write a batch file with a "For" loop to automate it and write the output to a file.
http://www.microsoft.com/technet/sysinternals/Security/PsLoggedOn.mspx
http://www.microsoft.com/technet/sysinternals/Security/PsLoggedOn.mspx
ASKER
btpringle:
can you give me the full code.This looks good to me....
can you give me the full code.This looks good to me....
You will need two files. One file is a list of computers that has all of your computers, one per line (computerList.txt). The other is the batch file (getUsers.bat). You will also need to copy psLoggedOn.exe into the same folder.
Please note: You will need to manually run psLoggedOn.exe one time so that you can agree to the end user license.
The batch file will create a file called "outputUserList.txt", which contains the output from each computer. It isn't pretty, but contains the information that you need.
computerList.txt
-------------------------- ---------- ---------- ---------- ---------- ---------
ComputerName1
ComputerName2
ComputerName3
and etc...
-------------------------- ---------- ---------- ---------- ---------- ---------
getUsers.bat
-------------------------- ---------- ---------- ---------- ---------- ---------
@echo off
DEL /Q outputUserList.txt
echo Starting Log > outputUserList.txt
echo. >> outputUserList.txt
echo ************************** ********** **** >>outputUserList.txt
FOR /F %%a IN (computerList.txt) DO (
echo Computer Name: %%a >> outputUserList.txt
echo. >> outputUserList.txt
FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"') DO echo User Name: %%b
>> outputUserList.txt
echo. >> outputUserList.txt
echo ************************** ********** **** >>outputUserList.txt
echo. >> outputUserList.txt
)
-------------------------- ---------- ---------- ---------- ---------- ---------
Please note: You will need to manually run psLoggedOn.exe one time so that you can agree to the end user license.
The batch file will create a file called "outputUserList.txt", which contains the output from each computer. It isn't pretty, but contains the information that you need.
computerList.txt
--------------------------
ComputerName1
ComputerName2
ComputerName3
and etc...
--------------------------
getUsers.bat
--------------------------
@echo off
DEL /Q outputUserList.txt
echo Starting Log > outputUserList.txt
echo. >> outputUserList.txt
echo **************************
FOR /F %%a IN (computerList.txt) DO (
echo Computer Name: %%a >> outputUserList.txt
echo. >> outputUserList.txt
FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"') DO echo User Name: %%b
>> outputUserList.txt
echo. >> outputUserList.txt
echo **************************
echo. >> outputUserList.txt
)
--------------------------
I also found this, but it will only work if you are using WINS in your environment.
http://www.robvanderwoude.com/ntfortokens.html
http://www.robvanderwoude.com/ntfortokens.html
ASKER
A file is geting crated but only this content
Starting Log
************************** ********** ****
Starting Log
**************************
Did you put psLoggedOn.exe in the same folder?
Did you run psLoggedOn.exe manually one time?
Did you create a text file called computerList.txt that has a list of all of the computers, one per line?
Did you run psLoggedOn.exe manually one time?
Did you create a text file called computerList.txt that has a list of all of the computers, one per line?
ASKER
Yes i did all as you said.
I put this code in the bat file.Please tell me if this is correct.
@echo off
DEL /Q outputUserList.txt
echo Starting Log > outputUserList.txt
echo. >> outputUserList.txt
echo ************************** ********** **** >>outputUserList.txt
FOR /F %%a IN (computerList.txt) DO (
echo Computer Name: %%a >> outputUserList.txt
echo. >> outputUserList.txt
FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"') DO echo User Name: %%b
>> outputUserList.txt
echo. >> outputUserList.txt
echo ************************** ********** **** >>outputUserList.txt
echo. >> outputUserList.txt
I put this code in the bat file.Please tell me if this is correct.
@echo off
DEL /Q outputUserList.txt
echo Starting Log > outputUserList.txt
echo. >> outputUserList.txt
echo **************************
FOR /F %%a IN (computerList.txt) DO (
echo Computer Name: %%a >> outputUserList.txt
echo. >> outputUserList.txt
FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"') DO echo User Name: %%b
>> outputUserList.txt
echo. >> outputUserList.txt
echo **************************
echo. >> outputUserList.txt
I suggest to run psLoggedOn.exe manually and see what is the output on bsharath computer then alter the FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"') DO echo User Name: %%b command accordingly.
You forgot the ")" at the very end of the .bat file. It closes the original "For" loop. It should be as follows.
@echo off
DEL /Q outputUserList.txt
echo Starting Log > outputUserList.txt
echo. >> outputUserList.txt
echo ************************** ********** **** >>outputUserList.txt
FOR /F %%a IN (computerList.txt) DO (
echo Computer Name: %%a >> outputUserList.txt
echo. >> outputUserList.txt
FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"') DO echo User Name: %%b
>> outputUserList.txt
echo. >> outputUserList.txt
echo ************************** ********** **** >>outputUserList.txt
echo. >> outputUserList.txt
)
@echo off
DEL /Q outputUserList.txt
echo Starting Log > outputUserList.txt
echo. >> outputUserList.txt
echo **************************
FOR /F %%a IN (computerList.txt) DO (
echo Computer Name: %%a >> outputUserList.txt
echo. >> outputUserList.txt
FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"') DO echo User Name: %%b
>> outputUserList.txt
echo. >> outputUserList.txt
echo **************************
echo. >> outputUserList.txt
)
Also, the line that starts "FOR /F "tokens..." was split when I posted it here because the line is too long (I assume). from there to the ">>ouputUserList.txt" should all be on the same line in your batch file.
ASKER
moorthy_kulumani:
For what i did i get this
C:\Get users>psloggedon.exe
PsLoggedOn v1.31 - Logon Session Displayer
Copyright (C) 1999-2003 Mark Russinovich
Sysinternals - www.sysinternals.com
Users logged on locally:
<Unknown> NT AUTHORITY\LOCAL SERVICE
<Unknown> NT AUTHORITY\NETWORK SERVICE
5/28/2007 6:43:49 PM DEVELOPMENT\administrator
5/25/2007 2:04:27 PM DEV-CHEN-sr\Administrator
<Unknown> NT AUTHORITY\SYSTEM
No one is logged on via resource shares.
C:\Get users>FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"')
DO echo User Name: %%b
%%b was unexpected at this time.
For what i did i get this
C:\Get users>psloggedon.exe
PsLoggedOn v1.31 - Logon Session Displayer
Copyright (C) 1999-2003 Mark Russinovich
Sysinternals - www.sysinternals.com
Users logged on locally:
<Unknown> NT AUTHORITY\LOCAL SERVICE
<Unknown> NT AUTHORITY\NETWORK SERVICE
5/28/2007 6:43:49 PM DEVELOPMENT\administrator
5/25/2007 2:04:27 PM DEV-CHEN-sr\Administrator
<Unknown> NT AUTHORITY\SYSTEM
No one is logged on via resource shares.
C:\Get users>FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"')
DO echo User Name: %%b
%%b was unexpected at this time.
ASKER
btpringle:
Now my script is like this.
@echo off
DEL /Q outputUserList.txt
echo Starting Log > outputUserList.txt
echo. >> outputUserList.txt
echo ************************** ********** **** >>outputUserList.txt
FOR /F %%a IN (computerList.txt) DO (
echo Computer Name: %%a >> outputUserList.txt
echo. >> outputUserList.txt
FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"') DO echo User Name: %%b >> outputUserList.txt
echo. >> outputUserList.txt
echo ************************** ********** **** >>outputUserList.txt
echo. >> outputUserList.txt
)As mentioned all are in the same line
>> outputUserList.txt
But still the output is just this.
Starting Log
************************** ********** ****
Now my script is like this.
@echo off
DEL /Q outputUserList.txt
echo Starting Log > outputUserList.txt
echo. >> outputUserList.txt
echo **************************
FOR /F %%a IN (computerList.txt) DO (
echo Computer Name: %%a >> outputUserList.txt
echo. >> outputUserList.txt
FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "%%a"') DO echo User Name: %%b >> outputUserList.txt
echo. >> outputUserList.txt
echo **************************
echo. >> outputUserList.txt
)As mentioned all are in the same line
>> outputUserList.txt
But still the output is just this.
Starting Log
**************************
You need to do the find using your domain name or your PC name I assume "DEV-CHEN-sr" is you PC and DEVELOPMENT is your Domain.
You can decide on what ID to pull and do the find accordingly.
You can decide on what ID to pull and do the find accordingly.
ASKER
Find ??
The domain name and machine name is correct
The domain name and machine name is correct
Below script should work for you. make sure the this command is one liner.
FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "DMN1"') DO echo User Name: %%b >> outputUserList.txt
----------------
@echo off
DEL /Q outputUserList.txt
echo Starting Log > outputUserList.txt
echo. >> outputUserList.txt
echo **************************
FOR /F %%a IN (computerList.txt) DO (
echo Computer Name: %%a >> outputUserList.txt
echo. >> outputUserList.txt
FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "DMN1"') DO echo User Name: %%b >> outputUserList.txt
echo. >> outputUserList.txt
echo **************************
echo. >> outputUserList.txt
)
replace DMN1 with DEVELOPMENT
ASKER
The file is created and have contents as this
Starting Log
************************** ********** ****
Computer Name: Dev-chen-nas01
************************** ********** ****
Computer Name: Dev-chen-mrd100
************************** ********** ****
I need to create 3 files.
1. getusers.bat file
2. computerlist.txt
3. outputUserList.txt
Am i correct should have the psloggedon.exe in the same folder.
Starting Log
**************************
Computer Name: Dev-chen-nas01
**************************
Computer Name: Dev-chen-mrd100
**************************
I need to create 3 files.
1. getusers.bat file
2. computerlist.txt
3. outputUserList.txt
Am i correct should have the psloggedon.exe in the same folder.
It clear that there is some issue with FOR /F "tokens=*" %%b in ('psLoggedOn.exe \\%%a -x ^| find "DMN1"') DO echo User Name: %%b >> outputUserList.txt
1- Keep the psloggedon.exe in the same folder.
2- Did you ran psloggedon.exe once and agreed for the license.
3- Hope the above line in a single liner.
4- try removing ">>outputUserList.txt" from all lines. You shd get the all in the screen that might be good way to trouble shoot. Let me know if you see anythign there.
1- Keep the psloggedon.exe in the same folder.
2- Did you ran psloggedon.exe once and agreed for the license.
3- Hope the above line in a single liner.
4- try removing ">>outputUserList.txt" from all lines. You shd get the all in the screen that might be good way to trouble shoot. Let me know if you see anythign there.
Run the following line from a command line. It is going to be the same as the original command in the batch file, except the variables are only going to have one percent sign (%a instead of %%a, %b instead of %%b). %computername% is a system variable that will show the name of the local computer.
See what happens. Copy and paste the entire output from the command line here, please.
Note: You will have to change directory to the folder that has psloggedon in it.
FOR /F "tokens=*" %b in ('psLoggedOn.exe \\%computername% -x ^| find "%computername%"') DO echo User Name: %b
See what happens. Copy and paste the entire output from the command line here, please.
Note: You will have to change directory to the folder that has psloggedon in it.
FOR /F "tokens=*" %b in ('psLoggedOn.exe \\%computername% -x ^| find "%computername%"') DO echo User Name: %b
Scratch that... change them from %b to %a.
Also, are you trying to check this with the computer on which you are currently signed into Windows? In other words, are you trying this on a remote computer or a local computer?
psLoggedOn will give you no results for the local computer. With that said, you cannot use %computername% because that will check the local computer. Change that to the name of another workstation and try it.
psLoggedOn will give you no results for the local computer. With that said, you cannot use %computername% because that will check the local computer. Change that to the name of another workstation and try it.
ASKER
I used this
C:\Get users>FOR /F "tokens=*" %b in ('psLoggedOn.exe \\dev-chen-mrd100% -x ^| f
ind "%dev-chen-mrd100%"') DO echo User Name: %a
No error nor results
C:\Get users>FOR /F "tokens=*" %b in ('psLoggedOn.exe \\dev-chen-mrd100% -x ^| f
ind "%dev-chen-mrd100%"') DO echo User Name: %a
No error nor results
remove the % signs from around the computer name.
ASKER
I get this
C:\Get users>FOR /F "tokens=*" %b in ('psLoggedOn.exe \\dev-chen-srv401 -x ^| find "dev-chen-srv401"') DO echo User Name: %b
Users logged on locally:
Users logged on locally:
C:\Get users>FOR /F "tokens=*" %b in ('psLoggedOn.exe \\dev-chen-mrd100 -x ^| find "dev-chen-mrd100"') DO echo User Name: %a
C:\Get users>echo User Name: %a
User Name: %a
C:\Get users>FOR /F "tokens=*" %b in ('psLoggedOn.exe \\dev-chen-srv401 -x ^| find "dev-chen-srv401"') DO echo User Name: %b
Users logged on locally:
Users logged on locally:
C:\Get users>FOR /F "tokens=*" %b in ('psLoggedOn.exe \\dev-chen-mrd100 -x ^| find "dev-chen-mrd100"') DO echo User Name: %a
C:\Get users>echo User Name: %a
User Name: %a
ASKER
Any help....
Hi Sharath, Can you just try the following command with few PC. Let me know what you get.
replace computer name with you system name. you will get the User ID that is the user currenlt logged on to the system.
reg query "\\computername\HKLM\SOFTW ARE\Micros oft\Window s NT\CurrentVersion\Winlogon " /v DefaultUserName
replace computer name with you system name. you will get the User ID that is the user currenlt logged on to the system.
reg query "\\computername\HKLM\SOFTW
ASKER
C:\>reg query "\\dev-ch-mrd10\HKLM\SOFTW ARE\Micros oft\Window s NT\CurrentVersi
on\Winlogon" /v DefaultUserName
HKEY_LOCAL_MACHINE\SOFTWAR E\Microsof t\Windows NT\CurrentVersion\Winlogon
DefaultUserName REG_SZ sharathr
I get this.
on\Winlogon" /v DefaultUserName
HKEY_LOCAL_MACHINE\SOFTWAR
DefaultUserName REG_SZ sharathr
I get this.
So you are looking for this one right ? Sitting in a machine you can run this against all computer and get the names. If you are look for domain that also you can get.
Let me know if you want some customized output. I can try to automate that using batch or VBS.
Let me know if you want some customized output. I can try to automate that using batch or VBS.
ASKER
I need way to find only machine names which are in the list.
The result should be as
Machine name Username
Is this possible...
The result should be as
Machine name Username
Is this possible...
Do you have all the machine names ??
ASKER
Yes i have the machine names in a txt file
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
FYi, This is an VBS file.
ASKER
Thanks this worked but scans all tbhe machines in the network.Its not taking the data from the file.
If you are willing to spend $$$, you can accomplish this without scripting, LANDesk is what you need. LANDesk® Management Suite http://www.landesk.com/Products/LDMS/
You will need to build a server and install a client on every single computer that you want to keep track of. It can be a headache to roll out, but it works like a charm when everything is set up properly.
You will need to build a server and install a client on every single computer that you want to keep track of. It can be a headache to roll out, but it works like a charm when everything is set up properly.
ASKER
Any help on this?
ASKER
moorthy_kulumani
Any help to just do it for a single machine or machines in the list
Any help to just do it for a single machine or machines in the list
It works for machine in the list. I tested very much before I post this.
Where do you have you machine list.
is it in C:\ComputerList.txt ? There is no way this script can search the network ...
The results will be in Junk.txt in C:\ drive.
Where do you have you machine list.
is it in C:\ComputerList.txt ? There is no way this script can search the network ...
The results will be in Junk.txt in C:\ drive.
You can take this list by capturing Logon/Logoff event IDs from the security log.. You can use dumpel or eventqry to get these events.
there you can find the logged on host name user ID, date time etc. You can export the require fields.
But pleae note that you shd have enabled the auditing for that.
- You can also do otherway around.
Get the list of workstaion in your domain . ( lot of ways are there 1 - from the list of computers added to your domain, ping test to the subnet ettc.,).
The get last logged in user name using Reg.exe to query "HKLM\SOFTWARE\Microsoft\W
at the end you will have the workstation and the last login user details. But i suggest to query event IDs..if you have less number of DCs.