Business I.T support Brighton from LJE Ltd.

Friday 25 July 2008

trace users to hostname on Windows domain - PsTools

After nbtstat was disabled by Microsoft, you can now use a utility to search for usernames and PCs on the Windows domain and see who is logged in.

Download the utilities from http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx

then run

psloggedon -l BrianCant ( find where user is logged in )

and you will see a reply like

'LONDON\BrianCant logged onto ldn-sales-pc24 locally'


or psloggedon -l \\ldn-sales-pc24

loggedon v1.33 - See who's logged on
Copyright © 2000-2006 Mark Russinovich
Sysinternals - www.sysinternals.com

Users logged on locally:
Error: could not retrieve logon time
NT AUTHORITY\LOCAL SERVICE
Error: could not retrieve logon time
NT AUTHORITY\NETWORK SERVICE
13/07/2008 08:25:50 LONDON\BrianCant
Error: could not retrieve logon time
NT AUTHORITY\SYSTEM
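
An added example (not from the original post or from Sysinternals): a Python parser for the psloggedon -l output shown above, which keeps the logon time where one was reported and separates people from the built-in NT AUTHORITY service accounts. The function names, the host argument and the dd/mm/yyyy date order are assumptions based on the sample output.

```python
import re
from datetime import datetime

# Constructed sample: the "Users logged on locally" block from the output above.
SAMPLE = """\
Users logged on locally:
Error: could not retrieve logon time
NT AUTHORITY\\LOCAL SERVICE
Error: could not retrieve logon time
NT AUTHORITY\\NETWORK SERVICE
13/07/2008 08:25:50 LONDON\\BrianCant
Error: could not retrieve logon time
NT AUTHORITY\\SYSTEM
"""

# Optional "dd/mm/yyyy hh:mm:ss" stamp (assumed UK date order, as in the sample),
# then DOMAIN\account; both parts may contain spaces.
ENTRY = re.compile(r"^(?:(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+)?([^\\\s][^\\]*)\\(.+)$")
BUILTIN_DOMAINS = {"NT AUTHORITY"}  # service identities, not people


def parse_psloggedon(text, host):
    """Return one dict per session: host, section, domain, user, logon_time (or None)."""
    sessions, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Error:"):
            continue  # no logon time available: the account is on the next line
        if line.lower().startswith("users logged on"):
            section = line.rstrip(":")
            continue
        m = ENTRY.match(line)
        if not m or section is None:
            continue  # banner, copyright or any other non-session line
        stamp, domain, user = m.groups()
        when = datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S") if stamp else None
        sessions.append({"host": host, "section": section, "domain": domain,
                         "user": user, "logon_time": when})
    return sessions


def interactive_users(sessions):
    """Drop built-in service accounts, leaving the sessions that belong to people."""
    return [s for s in sessions if s["domain"].upper() not in BUILTIN_DOMAINS]
```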


The download also includes other useful utilities, for example to run services remotely and to dump event logs.

e.g. pslist \\ldn-sales-pc24

Process information for ldn-sales-pc24 :

Name Pid Pri Thd Hnd Priv CPU Time Elapsed Time
Idle 0 0 4 0 0 762:12:56.359 0:00:00.000
System 4 8 85 2606 0 9:49:53.109 0:00:00.000
smss 384 11 3 21 164 0:00:00.359 218:21:51.437
csrss 440 13 12 1024 1936 0:05:43.421 218:21:46.671
winlogon 464 13 23 668 10596 0:00:48.781 218:21:39.093
services 508 9 17 487 7556 0:25:07.546 218:21:38.937
lsass 520 9 22 716 5144 0:25:50.796 218:21:38.921
svchost 692 8 22 241 3028 0:00:09.875 218:21:38.249
svchost 740 8 11 552 2492 0:02:44.609 218:21:38.077
svchost 808 8 65 1707 19544 0:04:57.250 218:21:38.015
svchost 924 8 6 87 1412 1:59:58.000 218:21:37.968
svchost 972 8 18 348 3304 0:00:05.437 218:21:37.921
spoolsv 1128 8 12 199 6344 22:05:51.109 218:21:37.405
scardsvr 1176 8 10 109 944 0:00:00.375 218:21:37.343
residentAgent 1288 8 7 106 1152 0:00:03.984 218:21:35.405
DACS_S~1 1336 8 4 74 18100 0:01:25.000 218:21:35.312
GoogleUpdaterService 1388 8 9 188 2496 0:01:56.531 218:21:35.280
LocalSch 1416 8 4 51 520 0:00:13.343 218:21:35.249
pds 1456 8 4 63 940 0:00:01.265 218:21:35.218
tmcsvc 1540 8 12 102 4200 0:00:04.781 218:21:35.077
issuser 1568 8 7 95 1848 0:00:00.765 218:21:35.046
Matrox.PowerDesk.Services 1628 8 2 44 4328 58:59:40.953 218:21:35.015
FrameworkService 1672 8 35 387 9272 0:02:24.437 218:21:34.983
Mcshield 1744 13 53 432 83476 0:15:50.281 218:21:34.718
VsTskMgr 1780 8 17 307 7388 0:02:57.281 218:21:34.671
MDM 1860 8 4 98 1048 0:00:00.578 218:21:33.749
svchost 1976 8 2 67 1088 0:00:03.812 218:21:33.421
svchost 1988 8 2 69 1196 0:00:01.781 218:21:33.343
sync 2044 8 5 191 1968 0:00:03.031 218:21:33.233
collector 404 8 1 53 604 0:00:04.906 218:21:32.796
SoftMon 668 8 5 88 40492 0:13:36.093 218:21:32.593
svchost 788 8 6 138 2692 0:00:17.250 218:21:32.562
wdfmgr 840 8 4 70 1496 0:00:00.359 218:21:32.343
rvd 1300 8 16 225 41232 2:02:13.812 218:21:30.218
rcgui 2784 8 2 42 1048 0:00:03.250 218:21:15.140
explorer 3868 8 13 520 14632 0:14:39.062 195:14:12.519
UdaterUI 4828 8 5 125 3232 0:00:11.343 195:14:11.394
shstat 3532 8 8 84 1780 0:00:01.250 195:14:11.332
Matrox.PowerDesk SE 3392 8 1 52 4572 0:00:15.296 195:14:11.300
Mctray 4236 8 1 25 564 0:00:08.687 195:14:11.160
SDClientMonitor 5176 8 1 38 864 0:00:04.125 195:14:11.035
SweetIM 3732 8 5 157 1956 0:00:06.078 195:14:10.566
jusched 5132 8 3 205 1716 0:00:06.781 195:14:10.535
aetcrss1 2492 8 2 64 884 0:00:04.093 195:14:10.504
RMC 656 8 26 814 38200 0:04:11.703 195:14:10.441
ctfmon 4068 8 1 188 1156 0:00:34.703 195:14:10.129
VideoAdvantage 4676 8 13 206 13844 0:01:12.296 195:14:09.769
ifagent 2028 8 3 71 876 0:00:14.046 195:14:09.347
YahooMessenger 4168 8 43 2331 37840 0:02:26.734 195:14:09.285
IEXPLORE 4628 8 14 1033 42216 0:04:59.687 195:13:43.218
OUTLOOK 3084 8 27 1175 106664 0:27:30.453 190:18:05.551
WINWORD 680 8 18 932 46992 0:02:50.546 190:17:52.831

pskill \\ldn-sales-pc24 680 ( kills the process with PID 680, WINWORD in the list above )

Saves your legs a bit, handy for remote support too

Ringo
