How do I locate (i.e. workstation name) a logged user?

  • Thread starter Thread starter Vince C.
  • Start date Start date
V

Vince C.

Hi.

I'd like to know if there is a command that tells me the machine name a
given user is logged on. Is there such a command or script?

Thanks.

Vince C.
 
I'd like to know if there is a command that tells me the machine name a
given user is logged on. Is there such a command or script?
Click to expand...

From where are you running the script? From the user context the
environment variable %ComputerName% would be a trivial answer.

In general, you cannot even tell IF a user is logged on elsewhere (without
'visiting' each machine at least logically).

Users 'authenticate' on (or with) a domain, but they at the workstation.
You could Audit logons but even that is not reliable.
 
Hi.

I'd like to know if there is a command that tells me the machine name a
given user is logged on. Is there such a command or script?

Thanks.

Vince C.
Click to expand...

You could:

net send username ignore
nbtstat -c

This will unfortunatly send a message.

You could implement tip 3438 in the 'Tips & Tricks' at http://www.jsiinc.com

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
I usually check for the username in WINS.
I believe you can do that programmatically.

--
Steven BerkHolz
Do not send email to (e-mail address removed)
Send to Domain TESCOGroup dot com, username SB

Note: you may also want to know that you should never send mail to:
(e-mail address removed)
(e-mail address removed)-ass.net
(e-mail address removed)
(e-mail address removed)
(e-mail address removed)
(e-mail address removed)-abuse.org
(e-mail address removed)
(e-mail address removed)
 
I personally log everyone's login location to a share and then use an
intranet app to find the user's most recent login location or view the
user's whole login history. You don't have to bother with the intranet side
of things, but you could log everyone's login and then just look at the text
files to view logons.

for /f "tokens=5" %%t in ('echo.^|time') do set CurTime=%%t
REM Thank you Jerry Schulman
for /f "tokens=6" %%d in ('echo.^|date') do set CurDate=%%d
REM Thank you Jerry Schulman
echo %USERNAME% logged onto %COMPUTERNAME% at %CurTime% on
%CurDate%>>\\server\share$\%username%.log
echo %USERNAME% logged onto %COMPUTERNAME% at %CurTime% on
%CurDate%>>\\server\share$\%COMPUTERNAME%.log


Of course, with the permissions necessary, people can go in and delete the
files or mess with them if they want. But, aside from that, you'll have a
share that has logon histories for computers and users. You could separate
computers and users into different directories of course.

Ray at work
 
Herb Martin said:
From where are you running the script? From the user context the
environment variable %ComputerName% would be a trivial answer.

In general, you cannot even tell IF a user is logged on elsewhere (without
'visiting' each machine at least logically).

Users 'authenticate' on (or with) a domain, but they at the workstation.
You could Audit logons but even that is not reliable.
Click to expand...

Thanks, Herb. I'd like to run the script as an admin on any workstation. The
script should "inspect" remote W2K machines on the same domain.

Vince C.
 
Vince C. said:
Hi.

I'd like to know if there is a command that tells me the machine name a
given user is logged on. Is there such a command or script?
Click to expand...

Thanks to all. System Internals has just the one tool I need.

Vince C.
 
You could:

net send username ignore
nbtstat -c

This will unfortunatly send a message.

You could implement tip 3438 in the 'Tips & Tricks' at
http://www.jsiinc.com

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
Click to expand...

If both your system and the system the user is logged into are Win2k
or XP,

net send username ""

will resolve the name (if possible) without actually sending the
message.
 
Do you know how many times I've net sended " " to people to find them and
not once ever thought to try it just as ""? I can't believe that. Thank
you Jim!

Ray at work
 
Do you know how many times I've net sended " " to people to find
them and not once ever thought to try it just as ""? I can't
believe that. Thank you Jim!

Ray at work
Click to expand...

I'm not sure how or if it will work if the messenger service is shut
off on the target. That has not been an issue to date for me, but I
suspect it may become one, what with the proliferation of net send
SPAM. I'll have to test that.
 
Jim Robinson said:
I'm not sure how or if it will work if the messenger service is shut
off on the target. That has not been an issue to date for me, but I
suspect it may become one, what with the proliferation of net send
SPAM. I'll have to test that.
Click to expand...

Well, I just stopped the messenger service on a remote machine, purged by
cache with nbtstat -R (and verified), attempted to net send the machine, and
the machine name DID appear in the nbtstat -c listing after erroring on the
net send. Nice!

I don't see the messenger spam being an issue, since, well, I only net send
people on our private network where everything's behind a firewall anyway.

Ray at home
 
Well, I just stopped the messenger service on a remote machine,
purged by cache with nbtstat -R (and verified), attempted to net
send the machine, and the machine name DID appear in the nbtstat
-c listing after erroring on the net send. Nice!
Click to expand...

Amazing. And nice to know (for above reasons that service may be
disabled)!
I don't see the messenger spam being an issue, since, well, I only
net send people on our private network where everything's behind a
firewall anyway.
Click to expand...

Side note: I was surprised to find that (W2K) NET NAME needed
MESSENGER Service running...
 
Mark V said:
Side note: I was surprised to find that (W2K) NET NAME needed
MESSENGER Service running...
Click to expand...

Isn't that the point of NET NAME though to register messenger service names?
If so, I can see why the service would have to be running. It may cause a
bit of confusion if you see a bunch of <03>'s, but cannot net send the
computer. Or does NET NAME register that name in WINS or something too? It
doesn't do anything like that, does it?

Ray at home
 
Isn't that the point of NET NAME though to register messenger
service names? If so, I can see why the service would have to be
running. It may cause a bit of confusion if you see a bunch of
<03>'s, but cannot net send the computer. Or does NET NAME
register that name in WINS or something too? It doesn't do
anything like that, does it?
Click to expand...

I don't really know. (nbtstat?) I need to look into it a bit (when
time).
I thought NET NAME would just list registered NetBIOS names, period.
Without requireing MESSENGER. But that seems incorrect.
Your comments will be helpful. Thanks.
 
While there a several ways to query who is logged into a workstation, there
are no built-in tools to do the opposite (where a user is logged in). I've
heard of a tool called cconnect (if I am remembering right...) that may do
what you want.

A kind of kludge way to do the same is to look at the WINS entries on your
server (if you have WINS enabled) and see what IP is associated with the
username. This has the disadvantage of only keeping track of the most recent
place the user logged in. It won't keep track of multiple locations for a
user.

\\ MadDHatteR
 
Back
Top