How do I locate (i.e. workstation name) a logged user?

[Vince C.]

Hi.

I'd like to know if there is a command that tells me the machine name a
given user is logged on. Is there such a command or script?

Thanks.

Vince C.

 

[Herb Martin]

I'd like to know if there is a command that tells me the machine name a

given user is logged on. Is there such a command or script?

From where are you running the script? From the user context the
environment variable %ComputerName% would be a trivial answer.

In general, you cannot even tell IF a user is logged on elsewhere (without
'visiting' each machine at least logically).

Users 'authenticate' on (or with) a domain, but they at the workstation.
You could Audit logons but even that is not reliable.

 

[Jerold Schulman]

Hi.

I'd like to know if there is a command that tells me the machine name a
given user is logged on. Is there such a command or script?

Thanks.

Vince C.

You could:

net send username ignore
nbtstat -c

This will unfortunatly send a message.

You could implement tip 3438 in the 'Tips & Tricks' at http://www.jsiinc.com

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Dave Patrick]

This may help.

http://www.sysinternals.com/ntw2k/freeware/psloggedon.shtml


--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft MVP [Windows NT/2000 Operating Systems]

 

[BerkHolz, Steven]

I usually check for the username in WINS.
I believe you can do that programmatically.

--
Steven BerkHolz
Do not send email to (e-mail address removed)
Send to Domain TESCOGroup dot com, username SB

Note: you may also want to know that you should never send mail to:
(e-mail address removed)
(e-mail address removed)-ass.net
(e-mail address removed)
(e-mail address removed)
(e-mail address removed)
(e-mail address removed)-abuse.org
(e-mail address removed)
(e-mail address removed)

 

[Ray at]

I personally log everyone's login location to a share and then use an
intranet app to find the user's most recent login location or view the
user's whole login history. You don't have to bother with the intranet side
of things, but you could log everyone's login and then just look at the text
files to view logons.

for /f "tokens=5" %%t in ('echo.^|time') do set CurTime=%%t
REM Thank you Jerry Schulman
for /f "tokens=6" %%d in ('echo.^|date') do set CurDate=%%d
REM Thank you Jerry Schulman
echo %USERNAME% logged onto %COMPUTERNAME% at %CurTime% on
%CurDate%>>\\server\share$\%username%.log
echo %USERNAME% logged onto %COMPUTERNAME% at %CurTime% on
%CurDate%>>\\server\share$\%COMPUTERNAME%.log


Of course, with the permissions necessary, people can go in and delete the
files or mess with them if they want. But, aside from that, you'll have a
share that has logon histories for computers and users. You could separate
computers and users into different directories of course.

Ray at work

 

[Vince C.]

From where are you running the script? From the user context the
environment variable %ComputerName% would be a trivial answer.

In general, you cannot even tell IF a user is logged on elsewhere (without
'visiting' each machine at least logically).

Users 'authenticate' on (or with) a domain, but they at the workstation.
You could Audit logons but even that is not reliable.

Thanks, Herb. I'd like to run the script as an admin on any workstation. The
script should "inspect" remote W2K machines on the same domain.

Vince C.

 

[Vince C.]

This may help.

http://www.sysinternals.com/ntw2k/freeware/psloggedon.shtml

Thanks, Dave. Just what I needed.

Vince C.

 

[Vince C.]

Hi.

I'd like to know if there is a command that tells me the machine name a
given user is logged on. Is there such a command or script?

Thanks to all. System Internals has just the one tool I need.

Vince C.

 

[Jim Robinson]

You could:

net send username ignore
nbtstat -c

This will unfortunatly send a message.

You could implement tip 3438 in the 'Tips & Tricks' at
http://www.jsiinc.com

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

If both your system and the system the user is logged into are Win2k
or XP,

net send username ""

will resolve the name (if possible) without actually sending the
message.

 

[Ray at]

Do you know how many times I've net sended " " to people to find them and
not once ever thought to try it just as ""? I can't believe that. Thank
you Jim!

Ray at work

 

[Jim Robinson]

Do you know how many times I've net sended " " to people to find
them and not once ever thought to try it just as ""? I can't
believe that. Thank you Jim!

Ray at work

I'm not sure how or if it will work if the messenger service is shut
off on the target. That has not been an issue to date for me, but I
suspect it may become one, what with the proliferation of net send
SPAM. I'll have to test that.

 

[Ray at]

I'm not sure how or if it will work if the messenger service is shut
off on the target. That has not been an issue to date for me, but I
suspect it may become one, what with the proliferation of net send
SPAM. I'll have to test that.

Well, I just stopped the messenger service on a remote machine, purged by
cache with nbtstat -R (and verified), attempted to net send the machine, and
the machine name DID appear in the nbtstat -c listing after erroring on the
net send. Nice!

I don't see the messenger spam being an issue, since, well, I only net send
people on our private network where everything's behind a firewall anyway.

Ray at home

 

[Mark V]

Well, I just stopped the messenger service on a remote machine,
purged by cache with nbtstat -R (and verified), attempted to net
send the machine, and the machine name DID appear in the nbtstat
-c listing after erroring on the net send. Nice!

Amazing. And nice to know (for above reasons that service may be
disabled)!

I don't see the messenger spam being an issue, since, well, I only
net send people on our private network where everything's behind a
firewall anyway.

Side note: I was surprised to find that (W2K) NET NAME needed
MESSENGER Service running...

 

[Ray at]

Side note: I was surprised to find that (W2K) NET NAME needed
MESSENGER Service running...

Isn't that the point of NET NAME though to register messenger service names?
If so, I can see why the service would have to be running. It may cause a
bit of confusion if you see a bunch of <03>'s, but cannot net send the
computer. Or does NET NAME register that name in WINS or something too? It
doesn't do anything like that, does it?

Ray at home

 

[Mark V]

Isn't that the point of NET NAME though to register messenger
service names? If so, I can see why the service would have to be
running. It may cause a bit of confusion if you see a bunch of
<03>'s, but cannot net send the computer. Or does NET NAME
register that name in WINS or something too? It doesn't do
anything like that, does it?

I don't really know. (nbtstat?) I need to look into it a bit (when
time).
I thought NET NAME would just list registered NetBIOS names, period.
Without requireing MESSENGER. But that seems incorrect.
Your comments will be helpful. Thanks.

 

[MadDHatteR]

While there a several ways to query who is logged into a workstation, there
are no built-in tools to do the opposite (where a user is logged in). I've
heard of a tool called cconnect (if I am remembering right...) that may do
what you want.

A kind of kludge way to do the same is to look at the WINS entries on your
server (if you have WINS enabled) and see what IP is associated with the
username. This has the disadvantage of only keeping track of the most recent
place the user logged in. It won't keep track of multiple locations for a
user.

\\ MadDHatteR