Solved

Detect Remotely if ANY User is Logged In

Posted on 2006-11-01
6
807 Views
Last Modified: 2010-05-18
This one can either be fun, or a pain in the neck.  It started out fun; now it's a pain in the neck so I'm gonna pass it on to you Experts.


I need a way to detect, remotely, whether a Windows XP computer is "in use" -- that is, whether somebody is presently logged-in.  The query that determines this might come from anywhere within the local network.

I do NOT necessarily need to know WHO is logged in.  That clearly raises some security and privacy concerns I'd best avoid.  I certainly won't consider it a deal-breaker to find a solution that happens to give me a username, but that's not really what I'm after.

I want to do this without exposing the system "in any way" -- that is, I don't want to have to poke new holes in existing security.  If it's necesasry to poke holes, I'd like to poke a really tiny one that allows only this information out.  I've found solutions, for example, that would allow remote querying of the entire registry; I don't consider that acceptable.


In case you'll find it inspirational, here's WHY I want to do this:

I have an application used in university computer labs that does things like take attendance, keep track of which students have questions, helps students find teaching assistants who are on-duty for their classes, et cetera.  This is a program students seeking help explicitly run from the desktop.  Obviously once it's running (and connected to a central server) I have all the information I need.

There are often students using computers who aren't in a class, though -- students who are just peacefully writing essays on, say, privacy rights.  I don't need (I don't WANT) detailed usage information from these people; they won't be running the application, so all is well.

The missing piece (what I'm asking you to find) is to tell me that somebody is logged-in to a computer who ISN'T running my application.  This allows me to answer questions like, "Are there enough free seats right now for a class of 30 people, or will we have to ask people to leave?"


Be aware that I've tried several potential solutions to this already without success, but will happily try several more if there's still hope of finding an answer.
0
Comment
Question by:VoteyDisciple
  • 3
  • 3
6 Comments
 
LVL 4

Accepted Solution

by:
KellyCraig earned 500 total points
ID: 17850587
run this in your script.

wmic.exe computersystem get UserName

if you want to output it to a file, just do one of these

wmic.exe computersystem get UserName > tothisfile
wmic.exe /append:pathtofile computersystem get UserName /format:xsl

If you need to knwo more, you can just run wmic.exe at the command prompt and type /?


PS: the command will return a value like this.

Username
KCDN-EVO\User

If no one is on, it will say

Username

XD
--Kelly
0
 
LVL 19

Author Comment

by:VoteyDisciple
ID: 17851196
That works correctly on my local machine, but on other machines (on which I do not have an account) I get an "Access is denied" response.  Of course, this is unsurprising.

What would I need to change on lab machines (which do not really have local users besides an administrative account) to allow this particular command to go through?
0
 
LVL 19

Author Comment

by:VoteyDisciple
ID: 17903673
Since I haven't heard anything here in a while I'm going to assume I've just phrased my question poorly and ask to have this one deleted unless anybody has any brilliant ideas forthcoming?
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 4

Expert Comment

by:KellyCraig
ID: 17906676
Oh, yes, I am very sorry.
In order to poof the Access Denied error you would need to Right click the "My Computer" icons on each machine, select Manage and on the window that pops up there will be a navigation bar to the left.
Here you can either add \EVERYONE to the list of Administrative users, or you can click WMI Controls on the nav bar, and change the permissions manually on who can perform what Queries.
You can use that to assign permissions.

Ideally adding EVERYONE to the admin group or making an account on each of those machine with the same username/password as the machine you plan to run the scans from and adding that to the admin group.The command you'll want to run is something like this in batch file format.

--
for /F %%i in (\\computer\share\computers.txt) do (
      echo Processing %%i...
      wmic /Failfast:on /node:"%%i" /append:"\\computer\share\ouput.csv" computersystem Get UserName /format:csv
)
--

That would create a new line in the csv file for every machine in the computer.txt file.
Now, the fun thing is you can output it in any file in any format.
I chose csv as it is the easiest to play with if you are programming.
you can use /ouput:"file.something" however it will overwrite the file thus you would do a command liek this with output
--
wmic /Failfast:on /node:"%%i" /output:"\\computer\share\%%i_ouput.csv" computersystem Get UserName /format:csv
--
Then each computer would generate its own file.

Known /formats are as follows.
htable
xsl
xml
hform
text
csv
(google for others)

I hope I have answered your questions.

--Kelly
0
 
LVL 4

Expert Comment

by:KellyCraig
ID: 17906682
PS: to get around permissions you can make a batch file on each machine set to append a network shared file and have it scheduled through schedule and tasks in control panel on each machien with each respective admin accounts, then you dont have to touch permission.
0
 
LVL 19

Author Comment

by:VoteyDisciple
ID: 17975051
Sorry for the delay in returning to this; I've been waiting for a discussion with the Systems people, who've now rejected the idea of allowing this kind of access.  This is a pretty good solution to the question I asked, though, so I'll just close this now.  Finding a way to do this without changes in permissions remains the much more difficult problem.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Memory (kernel) dump BSOD's 2X per week: Why? 40 148
Check network connectivity in DOS 11 108
Virtual Win Xp won't get an ip from DHCP 4 85
Decrypting the Zepto Virus 21 612
Can you find a fax from a vendor you saved a decade ago in seconds? Have you ever cursed your PC under your breath during an audit because you couldn’t find the requested statement or driver history?  If you answered no to the first question or yes …
If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now