Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Get Remote Computer Username

Posted on 2005-03-04
Medium Priority
Last Modified: 2008-02-01

Sorry if this is a bit long winded...

I am writing a forum for a comprehensive school.
But a few pupils will probably try to abuse it.

I want to make it posible to ban certain pupils from posting.
But, it would take too long to go through and manualy add each pupil to the database every year when new pupils come up from primary school. But if they are allowed to signup then we will never know who is who because they wont use their school username.

Although we will be able to ban them, they could just sign up again. and we wouldnt be able to speak to them about it because we wouldn't know who it was.

So, I want to know if it is possible, and if so, how to get the username that they used to log into the computer. I.e. the windows username that they are using.

Thanks in advance
Question by:mms_master
LVL 14

Expert Comment

ID: 13457475

Hmm this makes me think about "The Identification Protocol", heavily used on IRC chat networks and unix, but I could never see a server implementation for windows. But I bet there is a loadable service for windows NT/2000/XP.


From a quick search the following PHP implementation of RFC 413 came up this:

so assuming it is well coded, you only need the windows daemon. This is the first result i've got:

but unfortunately it's for old win95-based windows.

LVL 18

Expert Comment

ID: 13457517
Could you not get the username from Netbios? Not sure if that will be construed as hacking, but I know client-side scripts which get username are definetly considered hacking in EE's policy. The username of the currenlty logged in Windows users is suppose to be kept secret, information disclosure of such sort could lead to attacks against the user.

LVL 25

Expert Comment

by:Marcus Bointon
ID: 13457548
I don't think you can get that info - it's protected - exposing the username would represent a fair security risk. See here:


I'd suggest that you allow sign-ups, but make them require approval, and authenticate them by something unique to each pupil, like their mobile phone number or their login name), and only allow one username per identifier (so they can't share accounts of existing users).

OTOH, because it is a closed system, you may be able to co-ordinate with your local directory server to find out which login an IP is associated with, and similarly, you might be able to give your forum sufficient privileges to find out the local login name through Javascript or ActiveX component. Alternatively, make your login/password request page a Windows HTA, signed appropriately, which can give you much higher security clearance. Read more about them here:


Author Comment

ID: 13636981
Me and a friend come accross an object which is used for RM's status reporter on comunity connect 3.

This object can be used to get the windows username for the person that is currently logged in (using VBscript). Then a form is automatically submitted by javascript, which passes the username on to php.

Accepted Solution

OzzMod earned 0 total points
ID: 13670126
Closed, 50 points refunded.
Community Support Moderator (Graveyard shift)

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question