Security Basics mailing list archives
RE: Remotely check login status
From: "Jason Hurst" <Jason.Hurst () PandaRG com>
Date: Mon, 19 Jan 2009 15:59:39 -0800
Hi List, For Windows machines, you can download the Sysinternals suite from Microsoft. http://technet.microsoft.com/en-us/sysinternals/0e18b180-9b7a-4c49-8120- c47c5a693683.aspx Once downloaded, one of the utilities is called PSLOGGEDON. You can type PSLOGGEDON \\computer_name or IP_address and it will tell you who is logged on to that machine. Hope that helps. Jason Hurst Network Security Administrator Panda Restaurant Group jason.hurst () pandarg com Work: (626) 799-9898 ext. 8662 Direct: (626) 372-8038 Fax: (626) 372-8397 -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Francesc Vila Sent: Monday, January 19, 2009 11:42 AM To: Christian Eibl Cc: security-basics () securityfocus com Subject: Re: Remotely check login status Hi christian Well, I am not a windows expert, and I don't know what command you could use (but I'm pretty sure there is some). In linux, solaris, bsd (as I am aware) you could use the w command to see who is logged in. I'm not sure if you're asking about this.... but well, you have to be careful because if you are looking for someone who has penetrated in the system, the output could be incorrect.... Francesc On Sat, Jan 17, 2009 at 10:41 PM, Christian Eibl <chreibl () gmx de> wrote:
Hi all, I was wondering, if there exist means of checking remotely whether
someone
is already logged onto the system. Since most modern systems today
need
users to input their authentication data instead of automatically
provide
full access, there obviously are different states in the operating
systems,
i.e., just completely started up or even with users active in the
system.
This question does not aim at a specific OS but is meant for all
systems.
The most obvious way of such checks would consist of specific network services only started by certain users on the systems. Well, I am no Windows geek, but I could also imagine that file or printer sharing together with this port 139 / 445 stuff could provide information
about
this, but I am not sure... Anyone an idea how or whether this is possible? It is especially
interesting
concerning privacy within networks. Regards, Christian
Current thread:
- Remotely check login status Christian Eibl (Jan 19)
- Re: Remotely check login status Francesc Vila (Jan 19)
- RE: Remotely check login status Jason Hurst (Jan 20)
- RE: Remotely check login status Chadha, Sachin (Jan 20)
- RE: Remotely check login status Jason Hurst (Jan 20)
- Re: Remotely check login status Meta Junkie (Jan 19)
- Re: Remotely check login status Salvador III Manaois (Jan 20)
- Re: Remotely check login status Nikhil Wagholikar (Jan 20)
- RE: Remotely check login status Dan Denton (Jan 20)
- Re: Remotely check login status Christian Eibl (Jan 21)
- RE: Remotely check login status Jeremi Gosney (Jan 21)
- <Possible follow-ups>
- Re: Remotely check login status chmod177 (Jan 21)
- Re: Remotely check login status Francesc Vila (Jan 19)