?
Solved

How do I tell who's currently logged on to a remote computer that is running Windows 2000 Pro or Windows XP Pro?

Posted on 2004-10-06
27
Medium Priority
?
792 Views
Last Modified: 2008-09-18
I'm attempting to do this from a Windows 2003 Small Business Server remotely for a client of ours. I've looked at DHCP and NBTSTAT for hints but no luck. I am simply trying to find the name of the user account that is currently logged onto a computer named WOLF on the network. Any ideas? Thanks.
0
Comment
Question by:WineGeek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 3
  • +9
27 Comments
 
LVL 9

Assisted Solution

by:MSGeek
MSGeek earned 99 total points
ID: 12243115
You need to use event logging to determine this.  By default 2003 logs account logion events.  This may help:  http://www.winnetmag.com/Windows/Article/ArticleID/40046/40046.html
0
 

Author Comment

by:WineGeek
ID: 12243290
I'm thinking that this doesn't apply to my situation. Here's why: This computer named WOLF is not a domain member, which is the problem I'm trying to resolve. I'm seeing errors in the event log of the 2003 server that the computer \\WOLF is trying to connect to the server, but it ain't happening thanks to changed/failed trust relationsips when some heavy domain changes were done before I even started working here. I'm trying to join this WOLF computer to the domain and need to know who's logged on to it so I know who to ask for when I call the client's office. Thanks again for any help.
0
 
LVL 11

Assisted Solution

by:gothicbloody
gothicbloody earned 99 total points
ID: 12243311
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Assisted Solution

by:hehewithbrackets
hehewithbrackets earned 495 total points
ID: 12243343
Does this mean that you have no access to the WOLF computer at all?  Do you have administrative access to open up it's computer management console remotely or access it's hard drive?  If not, you can always try to do a NET SEND 'message' which might go through and ask him to call you.
0
 
LVL 3

Assisted Solution

by:zamoti
zamoti earned 99 total points
ID: 12243411
Open a command prompt and try this:

tasklist /v /s \\wolf

It should list what programs are running and who is running them.  

Good luck!
0
 

Author Comment

by:WineGeek
ID: 12243490
This command is prompting me as follows:
Type the password for <DomainName>\Administrator:

When I enter the password, it replie as follows:
ERROR: Logon failure: unknown user or bad password.

Am I doing something wrong? I obviously know the correct password or I wouldn't have been able to log onto the server. Thanks.
0
 

Author Comment

by:WineGeek
ID: 12243506
I tried the NET SEND command earlier and couldnt get it to work. Probably bad syntax on my part, but I checked with HELP and I'm not sure why it didn't work???
0
 
LVL 3

Assisted Solution

by:hehewithbrackets
hehewithbrackets earned 495 total points
ID: 12243783
This goes back to my original question of whether you have administrative access to the machine.  What password are you entering into the system?  Since the computer is not a domain member, you would need to use the credentials of the local administrator account or the administrator from the previous domain if it is still a member of the old domain.

When you tried the NET SEND command, did you receive any kind of error message?  It also will not work if the messenger service is shutdown on the target machine.
0
 

Author Comment

by:WineGeek
ID: 12243810
That's what I was afraid of. I don't know the local admin password, or any other password for a local account on that machine. Thanks for your help anyway everyone.
0
 
LVL 3

Assisted Solution

by:hehewithbrackets
hehewithbrackets earned 495 total points
ID: 12243824
Are you able to get access to the remote computer's hard drive by going to \\WOLF\C$
If so, navigate to the profiles folder and see what user folders exist.  It's a long shot, but worth a look.
0
 

Author Comment

by:WineGeek
ID: 12243842
Ok, I'll try that tomorrow. Also, how does this "points" thing work on this web site? Do I click the [Accept] button only for those who provide the answer that worked? Is that roughly how it goes here? I just joined today. Thanks.
0
 
LVL 3

Assisted Solution

by:hehewithbrackets
hehewithbrackets earned 495 total points
ID: 12243845
Is the computer physically located near your location?  Can you track it down by IP address back to the switchport it is plugged into?
0
 
LVL 3

Assisted Solution

by:hehewithbrackets
hehewithbrackets earned 495 total points
ID: 12243850
Yes, you can split the points as you wish.
0
 

Author Comment

by:WineGeek
ID: 12244082
Thanks. No, the computer is in another building miles away from me.
0
 
LVL 10

Assisted Solution

by:dis1931
dis1931 earned 99 total points
ID: 12246049
try "nbtstat -a" followed by the computer name so if the PC is wolf then type

nbtstat -a wolf

or if you have an IP address type

nbtstat -A XXX.XXX.XXX.XXX

This should provide you with a logged in user name....
0
 

Assisted Solution

by:C0mab0y
C0mab0y earned 99 total points
ID: 12247420
From the PDC open a commandprompt and type:

Net sessions \\wolf

This returns current username, computername, client type, session time, time inactive.

Net sessions

This returns a list of all current sessions with the PDC.

0
 
LVL 5

Assisted Solution

by:zerofield
zerofield earned 99 total points
ID: 12249254
psloggedon is the tool i use for doing this.  it will let you check the status of users logged into a single machine, or scan the entire domain.  it's free from sysinternals.
0
 

Assisted Solution

by:EricdJ
EricdJ earned 99 total points
ID: 12249259
User Management Console (MMC) with Computer management snap-in and connect to remote computer (if necessary add your account to to adminsitrators group at the wolf computer)

In the "System Tools | Shared Folder | Sessions " container you will see the user(s) connected/logged in
0
 
LVL 4

Assisted Solution

by:internetsavant
internetsavant earned 99 total points
ID: 12253836
from any computer type at the command prompt:

c:\>nbtstat -a %computer_name%

this will tell you who the current logged on user is.


you can go into Local Security Policy mmc and start logging security events like logon/logoff events and then, connect to that computer's Event Viewer through Computer Management (if you have admin rights to the machine) and view what user account logged on at what time and you can deduce the length of time once you see a corresponding logoff event.

=D
0
 
LVL 2

Assisted Solution

by:Snodlander
Snodlander earned 99 total points
ID: 12256428
NBTSTAT -a \\wolf
This should return a bunch of info, including the logon name of the user CURRENTLY using the machine.

You can try sending an instant console message by opening up Computer Management, right click on "shared folders" select "all tasks" "send console message". Add wolf in by its IP address and send a message to the user.

From an XP machine you can try to 'Offer Remote Assistance' to Wolf. This will at least let you know if it is an XP machine.

You could also try shutting it down remotely and seeing who complains. From a run command type.. shutdown -i
This will bring up the GUI interface for the shutdown application - easier than using the DOS based command with switches.
You can type a short message telling the user of Wolf to contact you on your number, which they will, or face more shutdowns. This may not work, however, since you do not know the admin password for Wolf.

Can you not work out where it is generally from its IP address?
0
 
LVL 2

Accepted Solution

by:
stardust126 earned 114 total points
ID: 12256835
What you want is see who is CURRENTLY logged on.
The best solution availble is psloggedon (http://www.sysinternals.com/files/PsLoggedOn.zip) from the PsTools pack (http://www.sysinternals.com/files/Pstools.zip).
It lets you see who's logged on to the computer from local logon and network logon (someone accessing a share on that computer) and also let's you search for all your network for a specified user and what computer he's logged on to.

0
 

Author Comment

by:WineGeek
ID: 12259425
You all have given me some very good suggestions. But no success so far.

When I ran pslogged on, it failed saying to make sure the registry service was running on \\wolf. I could ping \wolf but pslogged on didn't work. [Nbtstat -a] also fails to provide any helpful information.

I believe the facts that \\wolf is not a domain member combined with the fact that I cannot physically get to the machine (without driving to the client's office) is going to be a deal breaker on this. Although I like the idea of shutting down \\wolf remotely and seeing who complains. Perhaps I'll get that desperate soon. Thanks everyone. I'd like to hand out some points. I've got to figure out how to do that to multiple people. Thanks again everyone.
0
 
LVL 2

Expert Comment

by:stardust126
ID: 12266642
Please check if the 'Remote Registry Service' is running on the remote computer.
I believe that service is disabled by default.
0
 
LVL 2

Expert Comment

by:Snodlander
ID: 12273246
Can you post the results of your nbtstat here?
0
 

Author Comment

by:WineGeek
ID: 12499649
results of running nbtstat -a \\wolf are as follows:

**********************
Host not found.
**********************

I can ping wolf, and nbtstat is reporting that wolf is at 10.10.10.5. So I'm still stumped....
0
 
LVL 4

Expert Comment

by:internetsavant
ID: 12499910
is that IP apart of your network?  Can you check AD to see if you have a "Wolf" computer located anywhere in your domain?  If not, you have a computer that's attached to your network via DHCP but does not have a computer account.  This is a common hacking method because all they need is a valid user account and they can access any network resource.  

If the 10.10.10.5 computer is in your subnetting scheme, don't you have the subnets broken down by physical location??  The subnet itself should give you an idea of the geographic location...

What is the scope of the network we're talking about here??
0
 
LVL 4

Expert Comment

by:internetsavant
ID: 12499933
ALSO:

if you run nbtstat -a against the computer name and don't return any results, it may be because of the case i stated above where the computer doesn't have a valid computer account on your domain...

to get around this (since you can ping the machine) do this:

nbtstat -A 10.10.10.5  

*note the capital "A" instead of the lowercase one designating you're looking for the IP address.

If you don't get a response out of this, it's probably because "WOLF" has NetBIOS turned off...
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction How to create multiboot configuration with XP\Vista and Windows 7 on it? And most important question - how to do this correctly so not to have any kind of nightmares we get when system gets screwed? First of all one should realize t…
Sometimes a user will call me frantically, explaining that something has gone wrong and they have tried everything (read - they have messed it up more and now need someone to clean up) and it still does no good, can I help them?!  Usually the standa…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question