• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5374
  • Last Modified:

How to find out logged in users

Hey experts, i know there is probably a simple answer for this.  I'm trying to find out how i can view the users info that are logged on to a win2k3 domain.  I can view logins for file or resource accesses, but i want to be able to see the loged in users and maybe their MAC addresses.
0
xttremegee
Asked:
xttremegee
1 Solution
 
anhtaiCommented:
Hi xttremegee,

Check the DHCP server for their MAC address

Cheers!
0
 
Steve AgnewSr. Systems EngineerCommented:
Well it's easy enough to create a login script that will create files for when people log in, but think about this:  Being logged in only means a domain controller said you enter the password for your network account correctly and so the computer gives you a desktop and the profile for that user on it.  At that point, the desktop/laptop doesn't communicate with the domain controller.. so the person can disconnect a laptop and go home, they can unplug the computer and there isn't anything to tell you that they are or aren't out there.. only a way to tell the last time they logged in and make an educated guess...  Domain Controllers don't maintain some type of who is and isn't logged in they only give permission to computers to log in users and then there job is done.  Until they try to access something on the network and then whatever they are trying to access says 'who are you' the desktop replies back with whatever you logged in with and then that server then asked some domain controller is this username/password vaild, if the domain controllers says 'yes' then the server allows access.  So your question of 'who is currently logged in' isn't really possible because of how it works- another scenario is someone that suspends or hibernates their pc.. the computer is off but still got a valid 'login' when the user logged in, even though it's technically off and will come back up in a 'logged in' state (which will then reauthenticate against anything it accesses with whatever it 'remembers' being logged in with.

So because of how it works, no way to know 'who is logged in' only who logged in and when.  You can use a login script with a simple batch file that echo's data out to a text file on a server.. I've used a line like this:

Echo %DATE% - %TIME% %USERNAME% logged into %COMPUTERNAME% using %LOGONSERVER% >>\\Atlantadc\who\%username%.%computername%.txt

This appends to a file so you get a running log, the filename is created with username.computername.txt and you can look at it's last modified time to quickly see who logged in to where and when.  This appends to the file so it creates a running log of when they logged in and to where and using what domain controller- when you read the text of the file.  Very basic but powerful and easy to implement and it quickly lets you know computer name user and time of a login.  Getting a mac address is more tricky and will require you to get the information in the script and then to log it.  KIX can do this but it's complicated as computers generally think they have more than one nic card so which one do you want the MAC for?  the wireless, infared, vpn, bluetooth, etc.. windows see's these all as 'network connections'

Probably more information than what you expected and wow for 150 points.. LOL.. I'm going to stop now.
0
 
ccservCommented:
to find out who is logged in type

NET SESSION at the dos prompt which will list all those who are currently logged in

by using the computer management console under admin tools, then clicking on system tools, shared folders, session brings up who is currently using the shares on the server.

I dont think either are exactly what you need but may provide some information.

regards chris
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Steve AgnewSr. Systems EngineerCommented:
Actually that isn't true.. it will only tell you who has active connections, windows drops the connection after a short period of time and doesn't maintain them.  To see this map a network drive or open my computer after about 10 minutes you will see red X's on them because windows disconnects.. it only activates it upon demand this is to lower what the server has to keep up and for perfomance issues..
0
 
Naser GabajCommented:
A utility called USRSTAT.EXE is shipped with the NT Server  Resource Kit, and this utility supplies information on all members of a given domain, including time/date of last login
usrstat <domain>
e.g. usrstat savilltech

Ref & more info:
http://www.windowsitpro.com/Article/ArticleID/15063/15063.html

Good luck.

Naser
0
 
xttremegeeAuthor Commented:
Hey guys, thanks for the info, if i had weighted this more i'd split the points.  I only selected DeadNight 's answer 'cause it's pretty detailed and it actually has the original solution i was thinking of using(dumping logged in time\user\machine to text file).....

Thanks alot guys!!
0
 
AudleyTravelCommented:
Using Group Policy logon/logoff scripts we have a vbscript that sets CustomAttribute1 to 1 on logon and 0 on logoff and then the Query-Based Distribution group checks AD for all the 1's and sends the email to those people. The only issue we've found seems to be around password expiry time. If a user's password expires or sometimes even when they do change it in time, the script fails with an error saying "Table does not exist". I'm fairly sure this is because the script is denied access to read from/write to active directory because their password or other security doesn't match up. To fix it we either reset their password and then run the script manually or sometimes we don't have to because the next time they launch Outlook, they are prompted for their password and given the option to save the updated password. The next time they logon it works OK. Anyway, here are the scripts in case anyone wants to use them. There might be better ways to code it but it works.

Logon:

dim oshell
dim UserString
dim objUser

set oshell = wscript.createobject("wscript.shell")
UserString = oshell.expandenvironmentstrings("%username%")
UserDN = SearchDistinguishedName(UserString)

Set objUser = GetObject("LDAP://" & UserDN)

objUser.Put "extensionAttribute1", "1"
objUser.SetInfo

Public Function SearchDistinguishedName(ByVal vSAN)
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));distinguishedName;subtree"
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function

Set oshell = Nothing
Set objUser = Nothing
===================================================
Logoff:

dim oshell
dim UserString
dim objUser

set oshell = wscript.createobject("wscript.shell")
UserString = oshell.expandenvironmentstrings("%username%")
UserDN = SearchDistinguishedName(UserString)

Set objUser = GetObject("LDAP://" & UserDN)

objUser.Put "extensionAttribute1", "0"
objUser.SetInfo

Public Function SearchDistinguishedName(ByVal vSAN)
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));distinguishedName;subtree"
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function

Set oshell = Nothing
Set objUser = Nothing

Hope somebody can make use of it.

Cheers,

Pat Mckeon
IT Support Consultant Extraordinaire
Audley Travel Group
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now