Detect Remotely if ANY User is Logged In

Posted on 2006-11-01
Last Modified: 2010-05-18
This one can either be fun, or a pain in the neck.  It started out fun; now it's a pain in the neck so I'm gonna pass it on to you Experts.


I need a way to detect, remotely, whether a Windows XP computer is "in use" -- that is, whether somebody is presently logged-in.  The query that determines this might come from anywhere within the local network.

I do NOT necessarily need to know WHO is logged in.  That clearly raises some security and privacy concerns I'd best avoid.  I certainly won't consider it a deal-breaker to find a solution that happens to give me a username, but that's not really what I'm after.

I want to do this without exposing the system "in any way" -- that is, I don't want to have to poke new holes in existing security.  If it's necessary to poke holes, I'd like to poke a really tiny one that allows only this information out.  I've found solutions, for example, that would allow remote querying of the entire registry; I don't consider that acceptable.


In case you'll find it inspirational, here's WHY I want to do this:

I have an application used in university computer labs that does things like take attendance, keep track of which students have questions, helps students find teaching assistants who are on-duty for their classes, et cetera.  This is a program students seeking help explicitly run from the desktop.  Obviously once it's running (and connected to a central server) I have all the information I need.

There are often students using computers who aren't in a class, though -- students who are just peacefully writing essays on, say, privacy rights.  I don't need (I don't WANT) detailed usage information from these people; they won't be running the application, so all is well.

The missing piece (what I'm asking you to find) is to tell me that somebody is logged-in to a computer who ISN'T running my application.  This allows me to answer questions like, "Are there enough free seats right now for a class of 30 people, or will we have to ask people to leave?"


Be aware that I've tried several potential solutions to this already without success, but will happily try several more if there's still hope of finding an answer.
Question by:VoteyDisciple

Accepted Solution

by:
KellyCraig earned 500 total points
ID: 17850587
Run this in your script.

wmic.exe computersystem get UserName

If you want to output it to a file, just do one of these:

wmic.exe computersystem get UserName > tothisfile
wmic.exe /append:pathtofile computersystem get UserName /format:xsl

If you need to know more, you can just run wmic.exe at the command prompt and type /?


PS: the command will return a value like this.

Username
KCDN-EVO\User

If no one is on, it will say

Username

XD
--Kelly

Author Comment

by:VoteyDisciple
ID: 17851196
That works correctly on my local machine, but on other machines (on which I do not have an account) I get an "Access is denied" response.  Of course, this is unsurprising.

What would I need to change on lab machines (which do not really have local users besides an administrative account) to allow this particular command to go through?

Author Comment

by:VoteyDisciple
ID: 17903673
Since I haven't heard anything here in a while I'm going to assume I've just phrased my question poorly and ask to have this one deleted unless anybody has any brilliant ideas forthcoming?

Expert Comment

by:KellyCraig
ID: 17906676
Oh, yes, I am very sorry.
In order to poof the Access Denied error you would need to right-click the "My Computer" icon on each machine, select Manage, and in the window that pops up there will be a navigation bar on the left.
Here you can either add \EVERYONE to the list of Administrative users, or you can click WMI Controls on the nav bar, and change the permissions manually on who can perform what Queries.
You can use that to assign permissions.

Ideally, add EVERYONE to the admin group, or make an account on each of those machines with the same username/password as the machine you plan to run the scans from and add that to the admin group.

The command you'll want to run is something like this in batch file format.

--
for /F %%i in (\\computer\share\computers.txt) do (
      echo Processing %%i...
      wmic /Failfast:on /node:"%%i" /append:"\\computer\share\ouput.csv" computersystem Get UserName /format:csv
)
--

That would create a new line in the csv file for every machine in the computer.txt file.
Now, the fun thing is you can output it in any file in any format.
I chose csv as it is the easiest to play with if you are programming.
You can use /output:"file.something"; however, it will overwrite the file, thus you would do a command like this with output:
--
wmic /Failfast:on /node:"%%i" /output:"\\computer\share\%%i_ouput.csv" computersystem Get UserName /format:csv
--
Then each computer would generate its own file.

Known /formats are as follows.
htable
xsl
xml
hform
text
csv
(google for others)

I hope I have answered your questions.

--Kelly
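
As an added example (not part of the original thread and not either poster's code), the sketch below post-processes the CSV that the batch loop above appends to, keeping only whether each machine is in use and discarding the username, which is all the question asked for. The file layout (a blank line and a Node,UserName header per wmic run), the hostnames and the function names are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample of what the appended output.csv could look like after
# several polls: one blank line and one "Node,UserName" header per wmic run.
# Hostnames and user names are made up.
SAMPLE_OUTPUT = (
    "\r\nNode,UserName\r\nLAB-01,LABDOM\\student1\r\n"
    "\r\nNode,UserName\r\nLAB-02,\r\n"
    "\r\nNode,UserName\r\nLAB-03,LAB-03\\Administrator\r\n"
    "\r\nNode,UserName\r\nLAB-01,\r\n"  # later poll: LAB-01 is now free
)


def occupancy(csv_text, expected_nodes):
    """Map each expected node to 'in-use', 'free' or 'unknown'.

    Only the fact that UserName is non-empty is kept; the name itself is
    discarded. The last row seen for a node wins, because /append
    accumulates rows from every run. Nodes with no row at all (query
    failed, machine off) stay 'unknown' instead of being counted as free.
    """
    state = {node.upper(): "unknown" for node in expected_nodes}
    for row in csv.reader(io.StringIO(csv_text.lstrip("\ufeff"))):
        if len(row) < 2 or row[0].strip().lower() == "node":
            continue  # blank separator line or repeated header
        node = row[0].strip().upper()
        if node in state:  # ignore rows for machines we did not ask about
            state[node] = "in-use" if row[1].strip() else "free"
    return state


def enough_free_seats(state, needed):
    """True only if machines positively reported as free cover the class."""
    return sum(1 for s in state.values() if s == "free") >= needed


if __name__ == "__main__":
    lab = ["LAB-01", "LAB-02", "LAB-03", "LAB-04"]
    result = occupancy(SAMPLE_OUTPUT, lab)
    for node in lab:
        print(node, result[node])
    print("room for a class of 2:", enough_free_seats(result, 2))
```

Running this reduction on the collecting machine and publishing only its result keeps usernames out of anything the attendance application or its users can read.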

Expert Comment

by:KellyCraig
ID: 17906682
PS: To get around permissions you can make a batch file on each machine set to append to a network shared file and have it scheduled through schedule and tasks in Control Panel on each machine with each respective admin account; then you don't have to touch permissions.

Author Comment

by:VoteyDisciple
ID: 17975051
Sorry for the delay in returning to this; I've been waiting for a discussion with the Systems people, who've now rejected the idea of allowing this kind of access.  This is a pretty good solution to the question I asked, though, so I'll just close this now.  Finding a way to do this without changes in permissions remains the much more difficult problem.