Re: Getting a list of logged on users and hosts

From: Eugene Gershnik (gershnik_at_hotmail.com)
Date: 03/28/04

    Date: Sun, 28 Mar 2004 10:07:41 -0800
    
    

    Slava M. Usov wrote:
    > "Eugene Gershnik" <gershnik@hotmail.com> wrote in message
    > news:#J9C#FIFEHA.3096@TK2MSFTNGP11.phx.gbl...
    >
    > [...]
    >
    >> 2 and 3 are just subsets of 1. Any logon ultimately will go through
    >> LsaLogonUser.
    >
    > True, but beside the point. The point is that there are a few
    > different well-known definitions of "logon", and it was not clear
    > at all which one was used by the OP.

    True.

    > You seem to be preferring #1,
    > which is technically the "ultimate" definition, but it is useless
    > in the context of "Getting a list of logged on users and hosts",
    > emphasis on "hosts". More on that below.
    >
    >> Not necessarily. If a user connects to an arbitrary service that
    >> calls LogonUser and executes operations on his behalf (as IIS can
    >> do) the user has a well defined host name. However, this situation
    >> is not covered by cases 2 and 3.
    >
    > Yes it is. It is case 2, the host being "local machine".

    Well, technically all logon sessions are on local machine. The human user is
    not.

    >> If a user logs on to his workstation there will be a temporary
    >> logon session created on one of domain controllers. On the DC the
    >> user has a well defined host name but this is again neither 2 nor 3.
    >
    > I don't think it works that way. The LSA of a DC does not have to
    > log the user on locally; it only needs to authenticate the user by
    > verifying his username and password, without creating a logon
    > session. Even if it were actually created, then it would be type 3.

    On DC a network logon session _is_ created for every NT workstation logon.
    AFAIK it doesn't have to involve Lanman sessions.

    >> What I am trying to say is that there is no generic way to know the
    >> host of the user on whose behalf LsaLogonSession executes.
    >> Only if you make some simplifying assumptions like 2 and 3 above
    >> this becomes possible.
    >
    > As far as the LSA is concerned, a logon session is always local. It
    > is always the user of the LSA that is responsible for "remote logon
    > sessions". There are a few standard components that create logon
    > sessions for remote users [TS, LANMAN], and those components do let
    > you retrieve the host name of a logon session.

    Every component, standard or not, that deals with remote users will probably
    include some way to do that. (Except Netlogon which seems to lose this
    information along the way).

    > I understand that
    > there is no generic way of getting the host names of "remote logon
    > session" created by some non-standard components, just like there
    > is no generic way of getting the screen resolution and color depth
    > of a remote user [while there is when the user is connected through
    > TS, a standard component].

    I don't think the analogy is valid but why won't we wait for the OP to shed
    light on that?

    --
    Eugene
    
