Solved

Show users logged into (w2k) domain/server

Posted on 2006-10-25
Last Modified: 2012-06-27
Hi,

Does anyone know how to enumerate a list of the users logged into either the domain, or a specific domain controller (either is fine)?  
For the application I'm developing I'd need to be able to do this for normal (non-administrator) users using XP Pro workstations (Framework v2) within the same domain.

I've looked on MSDN and googled around and only seem to find ways of showing users on local machines.  Anyone been here before and had success?
Thanks,

- Moz
Question by:nikez2k4
LVL 15

Accepted Solution

by:
ozymandias earned 500 total points
ID: 17802207
OK. This will only be partially helpful.

There is a sysinternals utility called PsLoggedOn which will tell you who is logged on to a specific machine/server.
It comes with source code so you could get a look at how it's done and see if you can either reuse it or replicate its behaviour.

http://www.sysinternals.com/Utilities/PsLoggedOn.html

Basically it uses the NetEnumSession API.
LVL 1

Author Comment

by:nikez2k4
ID: 17802379
Thanks for the link - Yeah, that's in C as well (you think my c# is bad, you should see my C!) :-)
I had a google around for NetEnumSession API, could only find a few 404s and nothing much of any help.  Thanks for taking the time tho.
LVL 15

Expert Comment

by:ozymandias
ID: 17802503
You can also do this using WMI in C#.

Basically you can query all the sessions on a local machine like this :

using System;
using System.Management;

class WMITest {

    public static int Main(string[] args) {
        // Query the local WMI provider for session/connection associations.
        using (ManagementObjectSearcher searcher = new ManagementObjectSearcher("select * from Win32_SessionConnection")) {
            foreach (ManagementObject session in searcher.Get()) {
                // Print every property of each returned object.
                foreach (PropertyData p in session.Properties) {
                    Console.WriteLine(p.Name + " = " + p.Value);
                }
            }
        }
        // Keep the console window open until Enter is pressed.
        Console.ReadLine();
        return 0;
    }
}

You can also connect to the WMI interface on a remote machine and do the same thing.
LVL 1

Author Comment

by:nikez2k4
ID: 17802667
Thanks for the reply, yeah - I'd been looking at WMI stuff on the MSDN but couldn't see how to make it search all the workstations out there (or simply query the FR DC) - I've tried your code example - compiles fine but only returns the username of the PC I'm on now (me!), rather than everyone.  Is this what you meant?
Thanks again.
LVL 15

Expert Comment

by:ozymandias
ID: 17803572
The example shows querying the local WMI provider.
You can connect to another machine and run a similar query against that to find out who is logged on to it both locally and remotely.
LVL 1

Author Comment

by:nikez2k4
ID: 17803746
That'd be okay for a few machines but I'd (ideally) want to get all the users logged in and there are over 700 PCs/Laptops on the network so it'd be too many to add in for looking "manually".
LVL 15

Expert Comment

by:ozymandias
ID: 17803905
It should not be too hard.

You can :

    get a list of all machine accounts from the domain
    go through each one and poll the machine to see if it's active/switched on
LVL 15

Expert Comment

by:ozymandias
ID: 17803991
ooops...

    if it's active
       remotely query its WMI to see who's logged on
    if not
       skip

That should do it.

In your question you said you wanted to see users logged on to a domain or specific domain controller, in which case you wouldn't have to query each PC, just the servers in question.
LVL 11

Expert Comment

by:Expert1701
ID: 17805073
What operating system is your domain controller running?
LVL 1

Author Comment

by:nikez2k4
ID: 17809897
Windows 2000 (Will be upgraded to 2003 in around 5 months)
All workstations are using XP Pro.
LVL 11

Expert Comment

by:Expert1701
ID: 17813313
The WMI suggestion is ideal, because it would only have to be run against the server in question (not on all the workstations).  To query WMI on a remote machine, you can modify ozymandias' code:

//If authentication is required (replace the placeholder credentials):

  System.Management.ConnectionOptions connection = new System.Management.ConnectionOptions();
  connection.Username = "administrator";
  connection.Password = "password";

  System.Management.ManagementScope scope = new System.Management.ManagementScope(@"\\SERVER_IP_ADDRESS\root\cimv2", connection);

  //This constructor takes an ObjectQuery, not a string.
  System.Management.ManagementObjectSearcher searcher = new System.Management.ManagementObjectSearcher(scope, new System.Management.ObjectQuery("SELECT * FROM Win32_SessionConnection"));

//If authentication is not required (use this declaration instead of the one above):

  System.Management.ManagementObjectSearcher searcher = new System.Management.ManagementObjectSearcher(@"\\SERVER_IP_ADDRESS\root\cimv2", "SELECT * FROM Win32_SessionConnection");

The catch is, it requires Windows Server 2003.
0
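An added example, not part of the original thread or any poster's code: the remote query from the comment above, with the password read at a prompt instead of hard-coded, the WMI connection set to packet privacy, and the "class not found" failure of an older server handled. It queries Win32_ServerSession (a swap-in for Win32_SessionConnection, to read UserName and ComputerName directly); the helper names and command-line arguments are assumptions.

```csharp
using System;
using System.Management;
using System.Text;

// Added example. ReadPassword, ListSessions and the arguments are illustrative names.
class RemoteSessionQuery {
    // Read a password without echoing it to the console.
    static string ReadPassword() {
        StringBuilder sb = new StringBuilder();
        ConsoleKeyInfo k;
        while ((k = Console.ReadKey(true)).Key != ConsoleKey.Enter) {
            if (k.Key == ConsoleKey.Backspace) { if (sb.Length > 0) sb.Length--; }
            else if (k.KeyChar != '\0') sb.Append(k.KeyChar);
        }
        Console.WriteLine();
        return sb.ToString();
    }

    static void ListSessions(string server, string user) {
        ConnectionOptions options = new ConnectionOptions();
        // Sign and encrypt the DCOM traffic that carries the query and its results.
        options.Authentication = AuthenticationLevel.PacketPrivacy;
        options.Impersonation = ImpersonationLevel.Impersonate;
        if (user != null) {   // with no user given, the caller's own logon is used
            options.Username = user;
            Console.Write("Password for " + user + ": ");
            options.Password = ReadPassword();
        }
        ManagementScope scope = new ManagementScope(@"\\" + server + @"\root\cimv2", options);
        scope.Connect();
        ObjectQuery query = new ObjectQuery("SELECT UserName, ComputerName, IdleTime FROM Win32_ServerSession");
        using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query)) {
            foreach (ManagementObject s in searcher.Get())
                Console.WriteLine("{0} from {1} (idle {2}s)", s["UserName"], s["ComputerName"], s["IdleTime"]);
        }
    }

    static int Main(string[] args) {
        if (args.Length < 1) { Console.Error.WriteLine("usage: RemoteSessionQuery SERVER [USER]"); return 2; }
        try {
            ListSessions(args[0], args.Length > 1 ? args[1] : null);
            return 0;
        } catch (UnauthorizedAccessException) {
            Console.Error.WriteLine("Access denied: the account lacks remote WMI rights on the server.");
        } catch (ManagementException e) {   // e.g. the class is missing on an older server
            Console.Error.WriteLine("WMI error: " + e.Message);
        } catch (System.Runtime.InteropServices.COMException e) {   // e.g. RPC server unavailable
            Console.Error.WriteLine("Connection failed: " + e.Message);
        }
        return 1;
    }
}
```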
 
LVL 1

Author Comment

by:nikez2k4
ID: 17829283
Okay, I'll hang-fire until the upgrade, Thanks for your help!
LVL 11

Expert Comment

by:Expert1701
ID: 17997463
nikez2k4, I would like to suggest you accept ozymandias's first comment as the solution as it was the only one offered that works on your current operating system.