Solved

Find the pc that the domain user is logged into

Posted on 2008-10-21
23
712 Views
Last Modified: 2012-06-27
Hi Experts.  I have read several other questions that are similar in nature from Google, EE and so on.  I promise I have at least tried to find the answer on my own but I can't find a tool/solution that works in this environment.

I am working at a state agency that does not have permission to the DC.  We are a 200+ Windows XP/2003 AD environment scattered among 6 floors.  What I am trying to do is find the name of the computer that a user is logged into.  Easy enough but I can't seem to match up the tools and scripts to do it.

I've tried:  nbtscan, psloggedon, net session and followed the links to several other apps that are no longer available.

To get the points, please post how I can find this.  If you suggest a script, please provide it (I suck at scripting) or if it's an app, please make sure the link is valid.

Thanks in advance for your help!
0
Comment
Question by:samiam41
  • 12
  • 8
  • 3
23 Comments
 
LVL 4

Expert Comment

by:Patrick49er
Comment Utility
Well, you can use nbtstat -a, which will give you the remote machine's name table given the name of the machine (which can include the logged on user) or use the -A, which will give you the same information given the machine's IP address.  You would have to test to see if you get the name or able to use that tool with your environment before I would create a batch script for you to run and get a text file with the information.

Why can't you run psloggedon?  That is the tool of choice for me in my environment, but then I also have access to my DCs.
0
 
LVL 9

Author Comment

by:samiam41
Comment Utility
I don't have access to the DC from where I'm at so that kills that tool.  In this scenario, I only know the user's name, not the machine he is logged into.  He is violating a Websense policy and am only given the username, not the offending pc.  I'm sure if I did a lot of digging I could get to it but I was hoping there might be an easier way.

0
 
LVL 3

Expert Comment

by:Dicanio37
Comment Utility
try this lttle gem of a tool.
Angry IP scanner
http://www.angryziber.com
It will need to be on the same network as the one you need PC info for.
You will need to go into options and set it to show the user collum .
Im sure it will help
0
 
LVL 3

Expert Comment

by:Dicanio37
Comment Utility
You could also look in computer manager on the server. in shared folders>sessions. But obviously you will only see him if he is on a network share.
0
 
LVL 4

Expert Comment

by:Patrick49er
Comment Utility
I know you said psloggedon didn't work for you because you don't have access to the DC, but did it bring up a specific message?  Did nbtstat work?
0
 
LVL 9

Author Comment

by:samiam41
Comment Utility
@ Dicanio37:  I downloaded and am running the tool now.  I didn't see where "options" was listed, only preferences and feeders.

@ Patrick49er:  When I ran psloggedon, it ran against every DC in our state's forest.  Somehow the IDS didn't trip.  How can I narrow it down to a DC or at least a domain?

0
 
LVL 4

Expert Comment

by:Patrick49er
Comment Utility
if you know computer names, you can use the command:

psloggedon -l -x \\computername

That will just list the name of local logons only and no logon times.  This may stop the enquiry to the DCs.
0
 
LVL 4

Expert Comment

by:Patrick49er
Comment Utility
If that works on an individual computer, I can write you a batch that will take a list of names and then run that against the list.
0
 
LVL 9

Author Comment

by:samiam41
Comment Utility
Yeah I wish I knew the computer name, I just have his username.  I want to know where that little sucker is.

Let me try a different approach.  Could I run psloggedon through a script that checks the computers listed in a text file remotely?

Using something like psexec?
0
 
LVL 3

Expert Comment

by:Dicanio37
Comment Utility
Are you downloading the beta or the stable one.
I use the older but stable version 2.21.
0
 
LVL 9

Author Comment

by:samiam41
Comment Utility
Hahahaha!!  Awesome.  I posted that as I got a notice an expert responded.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 9

Author Comment

by:samiam41
Comment Utility
That would have been the younger, unstable one.  D@ng!  Let me try the other one.

I thought I would be a pioneer (not really) and run psexec \\remotepc -c pslogged on a computer here and so far the command prompt is hung.  So again, my lack of good scripting skills has limited my experimenting.  If it weren't for servers and networks, I would be mowing grass and picking up garbage in the park.
0
 
LVL 9

Author Comment

by:samiam41
Comment Utility
I will have to downloaded that file to my home pc, remote into the home pc from here, rename the file and email it back to myself.  I just got the block page from the state when attempting to download the file.  
0
 
LVL 4

Accepted Solution

by:
Patrick49er earned 500 total points
Comment Utility
What I meant is if you know the computer names on your network.  I know you don't know which computer the person is on, but if you know what computers are on the network then I can write a batch file that takes the list and runs it against psloggedon.  I just need to know if that command works against a specific computer.  So basically you can take a list of known computer names, run that in a script that takes it and runs psloggedon till it finishes the list.  Something like the following:

for /F %%c in (C:\Lists\Computer_Names.txt) do (
    set comp=%%c
    call :Check_Names
  )
goto :eof

:Check_Names
  C:\Lists\psloggedon -l -x \\%comp% > C:\Logged_On.txt
goto :eof
0
 
LVL 9

Author Comment

by:samiam41
Comment Utility
@ Patrick49er:  : )  My bad.  Yes, I ran a script on the DC and dumped all computer accounts for my domain into a text file.  

I will run the scripted you posted now and post the results.
0
 
LVL 9

Author Comment

by:samiam41
Comment Utility
@ Dicanio37:  I tried a different site and was able to download it here.  After running the scan, I noticed there are no details listed (MAC, user, Host name)...  I did read more on that angryip site and noticed that the messaging service has to be enabled.  I verified on two different pc's that they are disabled.  Any idea if that would cause the problem?  I have no idea why we would have disabled that service.
0
 
LVL 4

Expert Comment

by:Patrick49er
Comment Utility
I disable the messaging service here because of increasing the security while surfing.  That service was used for some nefarious activities while surfing.  It would use that service to pop up some dialog boxes.  So, your Net Admin folks who put out the GPOs probably did what I did and disable that via GPO.
0
 
LVL 9

Author Comment

by:samiam41
Comment Utility
I created those policies a couple of years ago when we went from NT4 (the agency here skipped W2K for whatever reason) to the state's Win 2003 forest.  I made so many changes since then on those policies that I couldn't remember why I would have killed that (oversight) but your probably dead-on with the added security while browsing.  

I ran your script and had to make one minor change.  The log file output needed >> instead of >.  Each entry would overwrite the previous entry.  The >> appends to it now.

I like the script.  Very good.  Are the results that are produced a list of users that have logged in to that pc before or they are logged into it now?
0
 
LVL 4

Expert Comment

by:Patrick49er
Comment Utility
Heh...good call.  I forgot about the >>.  The list is of those users currently logged on.
0
 
LVL 9

Author Comment

by:samiam41
Comment Utility
Bingo!  That's what I needed.  I will award you the points even though you are a 49er fan (Car. Panther fan here)  I always mix up the >> and >

Glad to work with you both.  I appreciate your time and suggestions.  The ipscan and angry util were great but I ended up needing the script to find the user.  

Take care guys!
0
 
LVL 9

Author Closing Comment

by:samiam41
Comment Utility
Great work!  That was exactly what I needed and will be adding it to my toolkit.  Once I doc it out a little bit, I will give it to the helpdesk to use.  Take care and good luck this season!

-Aaron
0
 
LVL 4

Expert Comment

by:Patrick49er
Comment Utility
Heh...cool deal, Samiam.  You should give me condolesences since I haven't had a great team year since Steve Young left the 9ers. :(  Oh the long dry years; how they suck!  ;)
0
 
LVL 9

Author Comment

by:samiam41
Comment Utility
Yeah, I really thought Smith was going to make a difference for your team.  What the h3ll happened with that?  I remember looking at the football schedule and thinking, oh crap, we have to play the 49ers in week x and week y.  Now I am a little more optimstic.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now