How to Find Out Who is Logged On at a Windows Computer

Sometimes it’s handy to find out who is logged on at a remote Windows computer. For example, before rebooting a critical server after hours, you might want to make sure your boss isn’t logged in at his computer.

In Linux, this is easy. You simply login to the remote computer with ssh (or telnet…yikes) and run the who command. For example:

me@bosscomputer:~$ who
boss   tty7         2008-10-16 07:57 (:0)
me   pts/0        2008-11-14 15:25 (mycomputer)

In Windows, I found two ways of doing this. Both ways work with Windows XP and Windows 2003 (and perhaps other versions too).

The first way uses the psloggedon command, which is part of the pstools suite created by Mark Russinovich. For example:

C:\tools\pstools>psloggedon.exe \\bosscomputer

loggedon v1.33 - See who's logged on
Copyright ⌐ 2000-2006 Mark Russinovich
Sysinternals - www.sysinternals.com

Users logged on locally:
11/14/2008 9:35:31 AM    MYDOMAIN\BOSS

In the example above, we see that my boss is currently logged into BOSSCOMPUTER and he logged in at 11/14/2008 9:35:31 AM.

Often, you’ll see error messages like these in the output, which you can ignore:

Error: could not retrieve logon time
NT AUTHORITY\LOCAL SERVICE
Error: could not retrieve logon time
NT AUTHORITY\NETWORK SERVICE

The neat thing about psloggedon is that it tells you not only about a logon from a user sitting in front of the computer but it can also tell you about remote logons to the computer via protocols like Remote Desktop Protocol (RDP). Here is an example of invoking psloggedon on a computer running Citrix Server (like Terminal Services):

C:\tools\pstools>psloggedon.exe \\citrixbox

loggedon v1.33 - See who's logged on
Copyright ⌐ 2000-2006 Mark Russinovich
Sysinternals - www.sysinternals.com

Users logged on locally:
11/14/2008 9:27:15 AM    MYDOMAIN\john
11/14/2008 6:44:56 AM    MYDOMAIN\mary
11/14/2008 6:29:42 AM    MYDOMAIN\steve
11/14/2008 6:34:21 AM    MYDOMAIN\martha

All of the users in the above example were logged in remotely (despite the misleading word “locally” in the output).

If you only care about logins from a user sitting in front of the computer, you can use another method: wmic.exe. For example

C:\tools\pstools>wmic /node:"bosscomputer" ComputerSystem GET UserName
UserName
MYDOMAIN\boss

In the above example, you can see that my boss is logged in at BOSSCOMPUTER. When using the wmic command, I recommend you get in the habit of wrapping the computer name in quotation marks. If you don’t, and the name contains a hyphen, you’ll see the error “Invalid Global Switch”.

If this tip helped you, please leave me a comment or send me an email!

Be Sociable, Share!

    1 comment to How to Find Out Who is Logged On at a Windows Computer

    • Anonymous

      Thanks for nice ideas!
      I use from server 2003 cmd:

      qwinsta /server:servername
      and
      rwinsta /server:servername #
      where # = session ID

    Leave a Reply

     

     

     

    You can use these HTML tags

    <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>