Question : How to find out logged in users
Hey experts, I know there is probably a simple answer for this. I'm trying to find out how I can view the info of the users that are logged on to a win2k3 domain. I can view logins for file or resource accesses, but I want to be able to see the logged-in users and maybe their MAC addresses.
Answer : How to find out logged in users
Well, it's easy enough to create a login script that will create files for when people log in, but think about this: being logged in only means a domain controller said you entered the password for your network account correctly, and so the computer gives you a desktop and the profile for that user on it. At that point, the desktop/laptop doesn't communicate with the domain controller, so the person can disconnect a laptop and go home, or they can unplug the computer, and there isn't anything to tell you that they are or aren't out there; there is only a way to tell the last time they logged in and make an educated guess. Domain controllers don't maintain some type of 'who is and isn't logged in'; they only give permission to computers to log in users and then their job is done, until they try to access something on the network. Then whatever they are trying to access says 'who are you', the desktop replies back with whatever you logged in with, and that server then asks some domain controller whether this username/password is valid; if the domain controller says 'yes' then the server allows access.
So your question of 'who is currently logged in' isn't really possible because of how it works. Another scenario is someone that suspends or hibernates their PC: the computer is off but still has a valid 'login' from when the user logged in, even though it's technically off, and it will come back up in a 'logged in' state (which will then reauthenticate against anything it accesses with whatever it 'remembers' being logged in with).
So because of how it works, there is no way to know 'who is logged in', only who logged in and when. You can use a login script with a simple batch file that echoes data out to a text file on a server. I've used a line like this:
Echo %DATE% - %TIME% %USERNAME% logged into %COMPUTERNAME% using %LOGONSERVER% >>"\\Atlantadc\who\%username%.%computername%.txt"
This appends to a file so you get a running log, the filename is created as username.computername.txt, and you can look at its last modified time to quickly see who logged in to where and when. This appends to the file so it creates a running log of when they logged in, to where, and using what domain controller, when you read the text of the file. Very basic but powerful and easy to implement, and it quickly lets you know the computer name, user and time of a login. Getting a MAC address is more tricky and will require you to get the information in the script and then to log it. KIX can do this but it's complicated, as computers generally think they have more than one NIC, so which one do you want the MAC for? The wireless, infrared, VPN, Bluetooth, etc.? Windows sees these all as 'network connections'.
Probably more information than what you expected and wow for 150 points.. LOL.. I'm going to stop now.
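
The logon-script approach from the answer, extended to record MAC addresses, as an added example that is not part of the original answer. It assumes clients run PowerShell 3.0 or later and reuses the answer's \\Atlantadc\who share; the function names Get-ActiveMac and Format-LogonLine are made up for this sketch.

```powershell
# Added example: logon script that records user, computer, logon server and
# the MAC address of every adapter that currently has TCP/IP bound.
# Assumption: $LogShare is the share used by the batch line in the answer.
$LogShare = '\\Atlantadc\who'

function Get-ActiveMac {
    # IPEnabled = True skips adapters with no TCP/IP binding, which answers
    # "which NIC?" with "the ones actually on a network right now".
    # A connected VPN adapter will still be listed, so the description is kept.
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
        Where-Object { $_.MACAddress } |
        ForEach-Object {
            [pscustomobject]@{
                Mac         = $_.MACAddress
                Description = $_.Description
                IPv4        = ($_.IPAddress | Where-Object { $_ -match '^\d+(\.\d+){3}$' }) -join ','
            }
        }
}

function Format-LogonLine {
    param(
        [Parameter(Mandatory)] [string] $User,
        [Parameter(Mandatory)] [string] $Computer,
        [string] $LogonServer,
        [object[]] $Adapters
    )
    # Fixed timestamp format: %DATE%/%TIME% vary with the client's locale.
    $stamp = (Get-Date).ToString('yyyy-MM-dd HH:mm:ss')
    $macs  = ($Adapters | ForEach-Object { '{0} [{1}] {2}' -f $_.Mac, $_.Description, $_.IPv4 }) -join '; '
    if (-not $macs) { $macs = 'no IP-enabled adapter' }
    '{0} {1} logged into {2} using {3} MAC: {4}' -f $stamp, $User, $Computer, $LogonServer, $macs
}

$line = Format-LogonLine -User $env:USERNAME -Computer $env:COMPUTERNAME `
    -LogonServer $env:LOGONSERVER -Adapters @(Get-ActiveMac)
$file = '{0}\{1}.{2}.txt' -f $LogShare, $env:USERNAME, $env:COMPUTERNAME
try {
    Add-Content -LiteralPath $file -Value $line -ErrorAction Stop
} catch {
    # An unreachable log share must never block or delay the logon.
    Write-Verbose "logon log not written: $_"
}
```

Because the script runs as the user and writes to a share that user can write to, treat these lines as convenience data rather than audit evidence.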