Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Networking Networking
Search Search
Search for:
Tech Support Guy > > >

Finding out who is logged into what (Active Directory/Win2K3 Servers)


(!)

vibe666's Avatar
vibe666 vibe666 is offline
Member with 35 posts.
THREAD STARTER
 
Join Date: Nov 2004
Location: Dublin, Ireland
Experience: IT Professional
14-Feb-2005, 06:11 AM #1
Finding out who is logged into what (Active Directory/Win2K3 Servers)
Does anyone know how I could implement something on my LAN to allow me to find out who is logged into what PC's?

I'm on a site with 1500 PC's at the moment, and I'm looking for something nice and simple to tell me that PC xxxxx has user yyyyy logged into it, or was the last person to log into it. This would give me a better idea of where each PC is when I have a need to find them.

I've had soem luck doing things manually when I'm able to connect to the PC by looking though the event viewer, but this is not practical on a large scale. Does anyone know how this could be done?

Maybe even a command that I could use to find out what network port/switch that PC is connected to. I know there must be some way of doing it, but there doesn't seem to be anyone here who's interested in finding out, because they aren't the ones running round looking for the PC's.

Sometimes, I've had to resort to remotely ejecting the CDROM drive tray to get someone's attention and sending them messages through net send to find out where a PC is.

I just want it to be easir!

thnx in advance.
blin's Avatar
blin blin is offline
Member with 272 posts.
 
Join Date: Aug 2003
Location: Chicago, USA
14-Feb-2005, 01:19 PM #2
if you have WINS server, winscl.exe command may help.
Monstrous Mi's Avatar
Monstrous Mi Monstrous Mi is offline
Senior Member with 623 posts.
 
Join Date: Jul 2002
Location: Ottawa, Canada
14-Feb-2005, 04:08 PM #3
vibe666's Avatar
vibe666 vibe666 is offline
Member with 35 posts.
THREAD STARTER
 
Join Date: Nov 2004
Location: Dublin, Ireland
Experience: IT Professional
25-Feb-2005, 11:39 AM #4
i was hoping for something free and simple if that's possible. getting money to spend on things like this is impossible.
StumpedTechy's Avatar
Computer Specs
Member with 7,213 posts.
 
Join Date: Jul 2004
Location: Central Florida
Experience: Advanced
25-Feb-2005, 11:45 AM #5
Vibe if you know the machine name and you want the loggedo n person curently all you need to do is at a command prompt "nbtstat -a Machine name" It will come back with the machine name and the user currently logged on. I actually wrote a simple batch file that allowed me to find all the people logged onto specific problem machines on our network years ago worked well enough.
Squashman's Avatar
Trusted Advisor with 19,645 posts.
 
Join Date: Apr 2003
Location: 1265 Lombardi Ave
25-Feb-2005, 11:49 AM #6
Couldn't you set a Domain Policy to audit account logon events.

Audit Account Logon Events

Last edited by LwdSquashman; 25-Feb-2005 at 12:40 PM..
Squashman's Avatar
Trusted Advisor with 19,645 posts.
 
Join Date: Apr 2003
Location: 1265 Lombardi Ave
25-Feb-2005, 12:08 PM #7
Quote:
Originally Posted by vibe666
Sometimes, I've had to resort to remotely ejecting the CDROM drive tray to get someone's attention and sending them messages through net send to find out where a PC is.

I just want it to be easir!

thnx in advance.
Maybe you need to document your network. I spent last year doing that where I work. I know where every computer is located. I know which Patch Panel they are located on and which switch they are connected to. Use descriptive names for you computers. Building, Room, Cubicle.

There is a program called NBTscan that will also do what you want it to do. Because most computers have NetBios over Tcp/IP enabled, you can scan an entire range of IP addresses and it will report back what the computer name is and who is logged onto it.

I don't know of any programs that can tell you what switch port it is hooked up to.
__________________
.
Squashman's Avatar
Trusted Advisor with 19,645 posts.
 
Join Date: Apr 2003
Location: 1265 Lombardi Ave
25-Feb-2005, 12:16 PM #8
I just remembered this program. I have always wanted to try this out. There are alot of programs that do this but most of them are not free. It may help you map out and document your network a little better.
http://www.kaboodle.org/index.html
Aaron_W's Avatar
Aaron_W Aaron_W is offline
Junior Member with 2 posts.
 
Join Date: Mar 2005
Experience: Has God Complex
01-Mar-2005, 06:26 PM #9
Netusers is your friend
I wrote a script awhile back for this, just ran it again right now still works. I dont think I ever finished it cause it looks like I am using way too many tokens and I didn't bother to consolidate the find strings. In any case it still works, enjoy.

Go get netusers.exe from optimumx. Cant provide you a like cause the anti-url code is still enabled for my account. Just do a google search for netusers.exe. The exe I have says it was written by the company optimumx.


Then run something like script below or just use netusers \\machinename


:start
echo .
echo Building file....
echo .
echo .

for /F "usebackq eol=T skip=3 delims=\\ " %%i IN (`net view`) do netusers \\%%i | findstr -v AUTHORITY | findstr -v \--- | findstr -v successfully | findstr -v Connecting >> wru.tmp
for /F "tokens=1,2,3,4,5,6,7,8,9,10,11,12,13,14 usebackq delims= " %%k IN (`type wru.tmp`) do (
rem echo k %%k l %%l m %%m n %%n o %%o p %%p q %%q r %%r s %%s t %%t u %%u v %%v w %%w x %%x
if '%%k' == 'Current' echo 
if '%%q' NEQ '' echo %%q
if '%%k' NEQ 'Current' if '%%k' NEQ 'Error' if '%%k' NEQ 'The' echo %%k
)

:end
if exist wru.tmp del wru.tmp
Squashman's Avatar
Trusted Advisor with 19,645 posts.
 
Join Date: Apr 2003
Location: 1265 Lombardi Ave
01-Mar-2005, 08:03 PM #10
I think NBTscan will do a much better job then your script, but that is just my opinion.

Code:
C:\nbtscan>nbtscan 192.168.0.100-200
Doing NBT name scan for addresses from 192.168.0.100-200

IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
192.168.0.119    SQUASH           <server>  SQUASHMAN        12-34-ba-c0-52-32
192.168.0.153    BUMBLE-BEE       <server>  BUMBLE-BEE       00-0f-1f-b3-b5-89

C:\nbtscan>
tnoonan's Avatar
tnoonan tnoonan is offline
Junior Member with 1 posts.
 
Join Date: Mar 2005
08-Mar-2005, 09:55 AM #11
Option Explicit

const COMMAND_EXEC = "NETSH WINS SERVER \\10.0.3.18 show name "
const COMMAND_VNC = "C:\Program Files\RealVNC\vncviewer.exe "
'const COMMAND_VNC = "C:\Program Files\ORL\VNC\vncviewer.exe "

Dim objWshShell , objExec, strUserName, strOutput, intLine, oshell
Dim intPosition, strIP, arrEntrySplit, strComputerName, intRemote

strUserName = InputBox("Please enter a user name:" & vbCRLF & vbCRLF & _
"(Press [ENTER] or click [CANCEL] to exit...)", _
"spoogenet.com", "")

Do While strUserName <> ""
Set objWshShell = CreateObject("WScript.Shell")
Set objExec = objWshShell.Exec (COMMAND_EXEC & strUserName & " 03")
For intLine = 1 To 4
objExec.StdOut.ReadLine
Next
If objExec.StdOut.ReadLine <> "The name does not exist in the WINS database." Then
For intLine = 1 To 5
objExec.StdOut.ReadLine
Next
strOutput = objExec.StdOut.ReadLine
If Left(strOutput,10) <> "IP Address" Then
strOutput = objExec.StdOut.ReadLine
End If
intPosition = InStr(strOutput, ":")
strIP = Right(strOutput, (Len(strOutput) - intPosition))
Set objExec = objWshShell.Exec("NBTSTAT -A " & strIP)
Do While Not objExec.StdOut.AtEndOfStream
strOutput = objExec.StdOut.ReadLine
If InStr(strOutput,"<03>") <> 0 Then
arrEntrySplit = Split(strOutput)
If UCase(arrEntrySplit(4)) <> UCase(strUserName) And _
UCase(arrEntrySplit(4)) <> UCase(strComputerName) And _
UCase(arrEntrySplit(4)) <> strComputerName & "$" Then
strComputerName = strComputerName & UCase(arrEntrySplit(4))
End If
End If
Loop
If strComputerName <> "" Then
MsgBox "The requested user '" & strUserName & _
"' is logged on to: " & strComputerName,,"User Computer Name Locator"
Else
MsgBox "The requested user '" & strUserName & _
"' doesn't appear to logged on to the network. "
End If
Else
MsgBox "The user was not found in the WINS database. ",, _
"User Computer Name Locator"
End If
Set objExec = Nothing
Set objExec = objWshShell.Exec (COMMAND_VNC & strComputerName)
WScript.Sleep 1000
objwshshell.Sendkeys("password")
WScript.Sleep 1000
objwshshell.SendKeys("{ENTER}")
WScript.Sleep 1000

'Send ctrl + alt + del to vncviewer
'objwshshell.Sendkeys("%^+{DEL}")
Set objExec = Nothing
strComputerName = ""
strUserName = InputBox("Please enter a user name:" & vbCRLF & vbCRLF & _
"(Press [ENTER] or click [CANCEL] to exit...)", _
"User Computer Name Locator", "")
Loop
Aaron_W's Avatar
Aaron_W Aaron_W is offline
Junior Member with 2 posts.
 
Join Date: Mar 2005
Experience: Has God Complex
09-Mar-2005, 11:10 PM #12
Quote:
Originally Posted by LwdSquashman
I think NBTscan will do a much better job then your script, but that is just my opinion.
Neat! Gimme!

No hard feelings about this script, like I said I wrote that at least 3 years ago.
Squashman's Avatar
Trusted Advisor with 19,645 posts.
 
Join Date: Apr 2003
Location: 1265 Lombardi Ave
09-Mar-2005, 11:54 PM #13
You will find nbtscan and many other great utilities on http://www.insecure.org

here is the direct link to it.
http://www.inetcat.org/software/nbtscan.html
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑