# Finding out who is logged into what (Active Directory/Win2K3 Servers)



## vibe666

Does anyone know how I could implement something on my LAN to allow me to find out who is logged into what PC's?

I'm on a site with 1500 PC's at the moment, and I'm looking for something nice and simple to tell me that PC xxxxx has user yyyyy logged into it, or was the last person to log into it. This would give me a better idea of where each PC is when I have a need to find them.

I've had soem luck doing things manually when I'm able to connect to the PC by looking though the event viewer, but this is not practical on a large scale. Does anyone know how this could be done?

Maybe even a command that I could use to find out what network port/switch that PC is connected to. I know there must be some way of doing it, but there doesn't seem to be anyone here who's interested in finding out, because they aren't the ones running round looking for the PC's.

Sometimes, I've had to resort to remotely ejecting the CDROM drive tray to get someone's attention and sending them messages through net send to find out where a PC is.

I just want it to be easir!

thnx in advance.


----------



## blin

if you have WINS server, winscl.exe command may help.


----------



## Monstrous Mi

How about this?

http://www.logicdevelopment.net/ADNM.php


----------



## vibe666

i was hoping for something free and simple if that's possible. getting money to spend on things like this is impossible.


----------



## StumpedTechy

Vibe if you know the machine name and you want the loggedo n person curently all you need to do is at a command prompt "nbtstat -a Machine name" It will come back with the machine name and the user currently logged on. I actually wrote a simple batch file that allowed me to find all the people logged onto specific problem machines on our network years ago worked well enough.


----------



## Squashman

Couldn't you set a Domain Policy to audit account logon events.

Audit Account Logon Events


----------



## Squashman

vibe666 said:


> Sometimes, I've had to resort to remotely ejecting the CDROM drive tray to get someone's attention and sending them messages through net send to find out where a PC is.
> 
> I just want it to be easir!
> 
> thnx in advance.


Maybe you need to document your network. I spent last year doing that where I work. I know where every computer is located. I know which Patch Panel they are located on and which switch they are connected to. Use descriptive names for you computers. Building, Room, Cubicle.

There is a program called NBTscan that will also do what you want it to do. Because most computers have NetBios over Tcp/IP enabled, you can scan an entire range of IP addresses and it will report back what the computer name is and who is logged onto it.

I don't know of any programs that can tell you what switch port it is hooked up to.


----------



## Squashman

I just remembered this program. I have always wanted to try this out. There are alot of programs that do this but most of them are not free. It may help you map out and document your network a little better. 
http://www.kaboodle.org/index.html


----------



## Aaron_W

I wrote a script awhile back for this, just ran it again right now still works. I dont think I ever finished it cause it looks like I am using way too many tokens and I didn't bother to consolidate the find strings. In any case it still works, enjoy.

Go get netusers.exe from optimumx. Cant provide you a like cause the anti-url code is still enabled for my account. Just do a google search for netusers.exe. The exe I have says it was written by the company optimumx.


Then run something like script below or just use netusers \\machinename


:start
echo . 
echo Building file....
echo . 
echo . 

for /F "usebackq eol=T skip=3 delims=\\ " %%i IN (`net view`) do netusers \\%%i | findstr -v AUTHORITY | findstr -v \--- | findstr -v successfully | findstr -v Connecting >> wru.tmp
for /F "tokens=1,2,3,4,5,6,7,8,9,10,11,12,13,14 usebackq delims= " %%k IN (`type wru.tmp`) do (
rem echo k %%k l %%l m %%m n %%n o %%o p %%p q %%q r %%r s %%s t %%t u %%u v %%v w %%w x %%x
if '%%k' == 'Current' echo 
if '%%q' NEQ '' echo %%q 
if '%%k' NEQ 'Current' if '%%k' NEQ 'Error' if '%%k' NEQ 'The' echo %%k
)

:end
if exist wru.tmp del wru.tmp


----------



## Squashman

I think NBTscan will do a much better job then your script, but that is just my opinion.



Code:


C:\nbtscan>nbtscan 192.168.0.100-200
Doing NBT name scan for addresses from 192.168.0.100-200

IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
192.168.0.119    SQUASH           <server>  SQUASHMAN        12-34-ba-c0-52-32
192.168.0.153    BUMBLE-BEE       <server>  BUMBLE-BEE       00-0f-1f-b3-b5-89

C:\nbtscan>


----------



## tnoonan

Option Explicit

const COMMAND_EXEC = "NETSH WINS SERVER \\10.0.3.18 show name "
const COMMAND_VNC = "C:\Program Files\RealVNC\vncviewer.exe "
'const COMMAND_VNC = "C:\Program Files\ORL\VNC\vncviewer.exe "

Dim objWshShell , objExec, strUserName, strOutput, intLine, oshell
Dim intPosition, strIP, arrEntrySplit, strComputerName, intRemote

strUserName = InputBox("Please enter a user name:" & vbCRLF & vbCRLF & _
"(Press [ENTER] or click [CANCEL] to exit...)", _
"spoogenet.com", "")

Do While strUserName <> ""
Set objWshShell = CreateObject("WScript.Shell")
Set objExec = objWshShell.Exec (COMMAND_EXEC & strUserName & " 03")
For intLine = 1 To 4
objExec.StdOut.ReadLine
Next
If objExec.StdOut.ReadLine <> "The name does not exist in the WINS database." Then
For intLine = 1 To 5
objExec.StdOut.ReadLine
Next
strOutput = objExec.StdOut.ReadLine
If Left(strOutput,10) <> "IP Address" Then
strOutput = objExec.StdOut.ReadLine
End If
intPosition = InStr(strOutput, ":")
strIP = Right(strOutput, (Len(strOutput) - intPosition))
Set objExec = objWshShell.Exec("NBTSTAT -A " & strIP)
Do While Not objExec.StdOut.AtEndOfStream
strOutput = objExec.StdOut.ReadLine
If InStr(strOutput,"<03>") <> 0 Then
arrEntrySplit = Split(strOutput)
If UCase(arrEntrySplit(4)) <> UCase(strUserName) And _
UCase(arrEntrySplit(4)) <> UCase(strComputerName) And _
UCase(arrEntrySplit(4)) <> strComputerName & "$" Then
strComputerName = strComputerName & UCase(arrEntrySplit(4))
End If
End If
Loop
If strComputerName <> "" Then
MsgBox "The requested user '" & strUserName & _
"' is logged on to: " & strComputerName,,"User Computer Name Locator"
Else
MsgBox "The requested user '" & strUserName & _
"' doesn't appear to logged on to the network. "
End If
Else
MsgBox "The user was not found in the WINS database. ",, _
"User Computer Name Locator"
End If
Set objExec = Nothing
Set objExec = objWshShell.Exec (COMMAND_VNC & strComputerName)
WScript.Sleep 1000	
objwshshell.Sendkeys("password")
WScript.Sleep 1000
objwshshell.SendKeys("{ENTER}")
WScript.Sleep 1000

'Send ctrl + alt + del to vncviewer
'objwshshell.Sendkeys("%^+{DEL}")
Set objExec = Nothing
strComputerName = ""
strUserName = InputBox("Please enter a user name:" & vbCRLF & vbCRLF & _
"(Press [ENTER] or click [CANCEL] to exit...)", _
"User Computer Name Locator", "")
Loop


----------



## Aaron_W

LwdSquashman said:


> I think NBTscan will do a much better job then your script, but that is just my opinion.


Neat! Gimme!

No hard feelings about this script, like I said I wrote that at least 3 years ago.


----------



## Squashman

You will find nbtscan and many other great utilities on http://www.insecure.org

here is the direct link to it.
http://www.inetcat.org/software/nbtscan.html


----------

