Windows – Getting the currently logged-in user to a Windows XP Pro system

Tags: nagios, snmp, windows, windows-xp

We have an XP machine which runs scheduled tasks early in the morning and unfortunately has to be logged into the desktop of a certain user for that to work. Unfortunately, that user sometimes gets logged out—either from an administrator logging in (and forgetting to log back in the correct user), or from it being restarted to apply security updates, etc.

I'd like to have Nagios monitor the currently logged-in user, to confirm it's the right one. Nagios is running on Linux.

So far, I've looked for an SNMP variable with the current user; I've had no luck. I tried snmpbulkwalk -m all -v2c -c community machine and grep'd it for the user name, and also did a before login & after login, and checked the diff, and found nothing useful.

I checked the net command (from Samba), but I don't see anything there—though I admit it's possible I missed something. The various session options seem to only display the net session (even when I use my domain admin account).

Best Answer

%WINDIR%\System32\dllcache\query.exe session will give you a list of all the currently logged on users on WinXP.

For some reason, query.exe was not in my path environment variable on my WinXP test machine so that is why I specified the entire path.


If you need something that is capable of getting this information remotely over RPC/DCOM, then check out a couple of things I wrote:

http://myotherpcisacloud.com/post/2013/01/16/Usersexe-v1003.aspx

http://www.myotherpcisacloud.com/post/2013/01/13/Getting-RDP-Sessions-with-Client-Computer-Name.aspx

By the way, you need to get off of XP ASAP. It's very old.

Edit: OK, I am going to give you another alternative since none of this has helped you yet. You want to query this WinXP machine over the network using your Linux machine. You want to use WMI. You have found a WMI client for Linux. So far so good.

This will get you currently logged on users of a local or remote machine through WMI WQL queries. I wrote this in PowerShell. Sorry, I won't (read: can't) convert it to Perl or Bash for you, but the concept is still the same as long as you can do WQL queries:

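# Interactive logon sessions only: 2 = local console, 10 = remote interactive
$Sessions = Get-WMIObject -Query "SELECT * FROM Win32_LogonSession WHERE LogonType=2 OR LogonType=10"
Foreach($Session In $Sessions)
{
    # Skip empty results and objects that lack a LogonId property
    If($Session -AND $Session.PSObject.Properties.Match('LogonId').Count)
    {
        # Follow the Win32_LoggedOnUser association from the session to its account
        Get-WMIObject -Query "Associators Of {Win32_LogonSession.LogonId=$($Session.LogonId)} WHERE AssocClass=Win32_LoggedOnUser Role=Dependent"
    }
}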

LogonTypes of 2 and 10 cover both local and remote interactive sessions, but not service logons, network logons, or batch logons.

Yes, you do need permissions to access the WinXP machine. It's not just going to cough up all this data for an anonymous network process. The local groups on WinXP are not very granular, because WinXP is very old, and its security is far inferior to that of modern versions of Windows... my point being that putting your network monitoring user in the local Admins group of the WinXP machine may be your best option. But I commend you if you still want to go with the principle of least privilege, in which case, you can use the WMI Control Console, wmimgmt.msc, and set the permissions to exactly whatever account you want to assign the permissions to.
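For the Nagios side on Linux, the following is an added example, not part of the original answer: it performs the same session-to-account join client-side and maps the result to Nagios plugin exit codes. It assumes your WMI client has already returned rows from `SELECT LogonId, LogonType FROM Win32_LogonSession` and `SELECT Antecedent, Dependent FROM Win32_LoggedOnUser`; the function names, the host `XPBOX` and the account names are hypothetical, and the sample rows are constructed.

```python
"""Nagios-style check: is the expected user interactively logged on?"""
import re
import sys

OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes
INTERACTIVE = {2, 10}            # LogonType values from the answer's query

# WMI references: \\HOST\root\cimv2:Win32_Account.Domain="HOST",Name="user"
_ACCOUNT = re.compile(r'Domain="([^"]*)",Name="([^"]*)"')
_LOGON_ID = re.compile(r'LogonId="?(\d+)"?')

def interactive_users(sessions, logged_on):
    """sessions: (LogonId, LogonType) rows from Win32_LogonSession.
    logged_on: (Antecedent, Dependent) rows from Win32_LoggedOnUser.
    Returns the set of DOMAIN\\name accounts with an interactive session."""
    wanted = {str(lid) for lid, ltype in sessions if int(ltype) in INTERACTIVE}
    users = set()
    for antecedent, dependent in logged_on:
        acct, lid = _ACCOUNT.search(antecedent), _LOGON_ID.search(dependent)
        if acct and lid and lid.group(1) in wanted:
            users.add(acct.group(1) + "\\" + acct.group(2))
    return users

def check(expected, sessions, logged_on):
    """Return (exit_code, message) following the Nagios plugin convention."""
    try:
        users = interactive_users(sessions, logged_on)
    except (TypeError, ValueError) as exc:
        return UNKNOWN, f"UNKNOWN - could not parse WMI rows: {exc}"
    # Windows account names compare case-insensitively
    if expected.lower() in {u.lower() for u in users}:
        return OK, f"OK - {expected} is logged on"
    seen = ", ".join(sorted(users)) or "nobody"
    return CRITICAL, f"CRITICAL - {expected} not logged on (interactive: {seen})"

# Constructed sample rows, not captured from a real machine
REF = r'\\.\root\cimv2:'
SAMPLE_SESSIONS = [("999", "0"), ("54321", "2"), ("77777", "5")]
SAMPLE_LOGGED_ON = [
    (REF + 'Win32_Account.Domain="XPBOX",Name="SYSTEM"', REF + 'Win32_LogonSession.LogonId="999"'),
    (REF + 'Win32_Account.Domain="XPBOX",Name="taskuser"', REF + 'Win32_LogonSession.LogonId="54321"'),
    (REF + 'Win32_Account.Domain="XPBOX",Name="svcbackup"', REF + 'Win32_LogonSession.LogonId="77777"'),
]

if __name__ == "__main__":
    code, message = check("XPBOX\\taskuser", SAMPLE_SESSIONS, SAMPLE_LOGGED_ON)
    print(message)
    sys.exit(code)
```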