Security Basics mailing list archives

RE: Remotely check login status


From: "Jeremi Gosney" <Jeremi.Gosney () motricity com>
Date: Wed, 21 Jan 2009 12:02:33 -0800

I guess it depends on your organization, but your administrator(s) should have privileges on your system. Either way, 
if your organization uses any sort of SSO like LDAP or AD then anyone should be able to do what you're asking.

If you have a Linux system you probably authenticate through LDAP, which means unless you have otherwise denied them 
access anyone on the domain can authenticate to your system and run 'who', 'w', or 'last'. Even if you have explicitly 
denied all users but yourself access to your system through PAM, the root LDAP user will still have access to your 
system.

If you have a Windows system, anyone on the domain will be able to use a tool like 'psloggedon' to see if you're logged 
in. In fact, nearly all of the Sysinternals PsTools should work for an unprivileged user with the exception of maybe 
psexec, psshutdown, and pssuspend, which means that anyone in the office should be able to not only see that you're 
logged in, but what processes are running, what services are started, and view the event log on your machine.

Of course, if you are bringing a laptop to work every day then all someone has to do to see if you're in the office is 
ping your laptop :)


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Christian Eibl
Sent: Wednesday, January 21, 2009 2:39 AM
To: security-basics () securityfocus com
Subject: Re: Remotely check login status

Hi all,

thank you for your suggestions on this topic.

Maybe I can re-formulate the problem I was thinking about:
I thought about possibilities to check whether a user is currently logged onto a system that cannot be directly 
accessed by the controller himself. This means, assuming I am allowed to configure my office computer just as I like, 
e.g., using Linux while all other boxes run Windows or similar. Has anyone on the network, e.g., the admin or my boss, 
any possibility to check whether I am already (or still) in my office? Again, the other way round would be 
interesting as well, so Windows on remote machines is also to 
be considered. Don't get me wrong, I would be glad if this cannot be done, but I am curious about this issue and have 
no further idea...

The already mentioned tools all seem to depend on access privileges to the remote computer which cannot be assumed 
here. Does anybody also know how to check login status in such a scenario? The mentioned tools do not seem to work 
correctly with this. Thanks a lot.

Regards,
Christian


