alternatively, just look into the registry at
hklm\software\microsoft\windows nt\currentversion\winlogon\defaultusername
this will tell who is actively logged in, as opposed to users logged in as services..
-----Original Message-----
From: Patrick J. LoPresti [mailto:[EMAIL PROTECTED]]
Sent: 10 March 2003 19:53
To: John Deretich
Cc: Perl-Win32-Admin-Request (E-mail)
Subject: Re: signoff message
John Deretich <[EMAIL PROTECTED]> writes:
> Hi Patrick,
>
> I tried using the following snippet
> of code in my script to determine
> who's logged on to there machine:
>
> if ( Win32::Lanman::NetWkstaGetInfo( $Machine, \%Info, $bExtendedInfo ) ) {
> print " $Info{computername} \n";
> print " $Info{logged_on_users} \n";
> }
>
> my manager wants me to go this way instead of sending a logoff
> message. But I am getting more than one user logged on to one
> machine, which it should be showing only one user logged on. Would
> you know why?
Yes. To paraphrase the Bard: "There are more users in heaven and hell
than are dreamt of in your philosophy."
I am attaching (once again) my little instances.pl script, which
enumerates all instances of any WMI class you pass on the command
line. Hm, maybe I should put this script up on the Web somewhere...
Anyway, if you run "instances.pl Win32_LoggedOnUser" on an XP system
named HOST in domain DOMAIN, you will see output like this:
Antecedent \\.\root\cimv2:Win32_Account.Domain="HOST",Name="SYSTEM"
Dependent \\.\root\cimv2:Win32_LogonSession.LogonId="999"
Antecedent \\.\root\cimv2:Win32_Account.Domain="HOST",Name="LOCAL SERVICE"
Dependent \\.\root\cimv2:Win32_LogonSession.LogonId="997"
Antecedent \\.\root\cimv2:Win32_Account.Domain="HOST",Name="NETWORK SERVICE"
Dependent \\.\root\cimv2:Win32_LogonSession.LogonId="996"
Antecedent \\.\root\cimv2:Win32_Account.Domain="DOMAIN",Name="luser"
Dependent \\.\root\cimv2:Win32_LogonSession.LogonId="1934903"
This represents four instances of the Win32_LoggedOnUser class. As
you can see, each of the SYSTEM, LOCAL SERVICE, and NETWORK SERVICE
accounts is logged on, and so is the normal user account DOMAIN\luser.
If you now run "instances.pl Win32_LogonSession", you will see
something like this:
AuthenticationPackage NTLM
Caption <undefined>
Description <undefined>
InstallDate <undefined>
LogonId 999
LogonType 0
Name <undefined>
StartTime 20030131091542.968750-300
Status <undefined>
AuthenticationPackage Negotiate
Caption <undefined>
Description <undefined>
InstallDate <undefined>
LogonId 997
LogonType 5
Name <undefined>
StartTime 20030131091546.187500-300
Status <undefined>
AuthenticationPackage Negotiate
Caption <undefined>
Description <undefined>
InstallDate <undefined>
LogonId 996
LogonType 5
Name <undefined>
StartTime 20030131091545.562500-300
Status <undefined>
AuthenticationPackage NTLM
Caption <undefined>
Description <undefined>
InstallDate <undefined>
LogonId 1934903
LogonType 2
Name <undefined>
StartTime 20030203130112.515463-300
Status <undefined>
You can use the LogonId field to line up the Win32_LoggedOnUser
records above with these Win32_LogonSession records. Here, for
example, the session for DOMAIN\luser has LoginId 1934903, and the
corresponding session has LogonType 2, which means "interactive". (By
contrast, logon type 5 means "service". See
http://msdn.microsoft.com/library/en-us/wmisdk/wmi/win32_logonsession.asp
for all of the possible types.)
You can use "instances.pl -r <machinename> <class>" to query a remote
machine like this. You will find that the interactive session
vanishes when the normal user logs off. But remember, the catch is
that these classes were introduced with XP, so none of this will work
on NT or 2000. There are probably some traditional Win32 API calls to
obtain similar information, but I do not know what they are, nor how
you might access them from Perl.
- Pat
The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised.if you are not the intended recipient, any disclosure, copying, distribution, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. Please note that any views, opinions or advice contained in this email are those of the sending individual and not necessarily those of the firm. It is possible for data transmitted by e-mail to be deliberately or accidentally corrupted or intercepted. For this reason, where the communication is by e-mail, J&E Davy does not accept any responsibility for any breach of confidence which may arise from the use of this medium. If you have received this e-mail in error please notify us immediately at mailto:[EMAIL PROTECTED] and delete this e-mail from your system.
