Re: How list all current logon NT domain users?

From: Chuck Chopp (ChuckChopp_at_rtfmcsi.com)
Date: 07/19/04


Date: Mon, 19 Jul 2004 09:15:45 -0400

hooway wrote:

> Sorry for not using the exact term to describe my problem.
>
> I searched the MSDN and found that NetUserEnum() can return the user's
> last logon time, but does not give the logoff time.
>
> Do you know any other way to get the logoff time, or to know all users'
> current state: logon or logoff?

Unless you load some sort of software program on every single workstation in
the domain it is going to be impossible to obtain this information. In a NT
style domain or in AD, there's no continuous connection to a server that is
required to exist while the user remains logged on to a workstation or TS
session. What this means is that once a user authenticates to the domain,
the domain controllers have no further requirement to know if that user is
still logged on to a workstation using the primary logon token that a domain
controller created for the user containing all of the access tokens
identifying that user, their logon mode and the groups to which they belong.
  Combine this with other issues, such as the same user account may be
logged on simultaneously on multiple workstations and/or TS sessions and
that there's no requirement for cleanly logging off or for reporting back to
a domain controller when the user does log off and the problem is even
further compounded.

The best solution to this problem that I've seen is where you load an
"agent" on every single workstation, member server and domain controller.
This "agent" is just a program that captures logon and logoff information
for every single console session and TS session on each system that it is
running on and forwards that information to a central database that can be
queried. This allows you to obtain current logon information as well as
historical logon/logoff information for all users on all workstations,
terminal servers, member servers and domain controllers across your entire
domain.

Lacking that sort of agent and centralized database of logon/logoff
information, you could run a different sort of agent that you could talk to
on any given workstation to enumerate what users are logged on to the
workstation at any given moment in time, but you'd still have to be loading
an agent on all systems and would still have to query each individual
workstation. If a remote system has terminal services enabled on it then
the task is easy as you can use the WTS*() Win32 API functions to get the
information w/o loading a special agent on the remote system. However, this
doesn't get you information for WinNT v4.0 workstation/server, nor does it
get you information for Win2K Pro or Win2K servers w/o TS enabled. It will
get you information for all WinXP & Win2K3 systems, though.

HTH,

Chuck

-- 
Chuck Chopp
ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com
RTFM Consulting Services Inc.     864 801 2795 voice & voicemail
103 Autumn Hill Road              864 801 2774 fax
Greer, SC  29651
Do not send me unsolicited commercial email.
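
The central-database approach described in the reply above, sketched as an added example (not part of the original post or of any product's code): it reduces agent-reported events to the set of sessions that are currently open. The event schema, the `boot` event used to close sessions that never logged off cleanly, and all host and user names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    kind: str          # assumed event kinds: "logon", "logoff", "boot"
    user: str = ""
    session: int = 0   # console or TS session id on that host

def current_sessions(events):
    """Return {(host, session): (user, logon_ts)} for sessions still open."""
    open_sessions = {}
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.host, ev.session)
        if ev.kind == "logon":
            open_sessions[key] = (ev.user, ev.ts)
        elif ev.kind == "logoff":
            open_sessions.pop(key, None)  # tolerate a logoff with no logon seen
        elif ev.kind == "boot":
            # The host restarted: sessions that never reported a clean
            # logoff cannot still exist, so drop them all.
            for k in [k for k in open_sessions if k[0] == ev.host]:
                del open_sessions[k]
    return open_sessions

def where_is(user, events):
    """List every (host, session) where the account is logged on right now."""
    return sorted(k for k, (u, _) in current_sessions(events).items() if u == user)

def _t(hhmm):
    return datetime.strptime("2004-07-19 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample data, not taken from any real system.
SAMPLE = [
    Event(_t("08:00"), "WS01", "logon", "alice", 0),
    Event(_t("08:10"), "WS02", "logon", "bob", 0),
    Event(_t("08:20"), "WS03", "logon", "carol", 0),
    Event(_t("08:30"), "TS01", "logon", "alice", 3),   # same account, second machine
    Event(_t("08:40"), "TS01", "logon", "dave", 4),
    Event(_t("09:00"), "WS02", "logoff", "bob", 0),    # clean logoff
    Event(_t("10:00"), "WS03", "boot"),                # power cycle, no logoff event
]

if __name__ == "__main__":
    for (host, session), (user, since) in sorted(current_sessions(SAMPLE).items()):
        print(f"{user:6} {host} session {session} since {since:%H:%M}")
```
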

