Where on a Windows server, can you see users and the devices they are logged into?
Not quite sure what you mean here. Are we talking Remote Desktop sessions, or just using a file share, or something else?
Users are logged into network computers. There is a Windows server.
Using the server, how can we tell:
Which devices is user plant logged into?
Which PCs is user Sally logged into?
Assuming you are using Active Directory and not a workgroup, you can enable audit event logging with group policy and then look at login events in Event Viewer. You wouldn’t be able to see if they are still logged in and just walked away as there is no logout event unless they explicitly log off.
There are third party tools that do a better job like https://www.netwrix.com/.
I’ve seen a list of which devices are currently on the network and which users are logged onto them.
Like:
Cecil-Cecil’s PC
Cecil-Cecil’s Iphone
Bill-Computer12
Sally-Computer 25
etc.
Are you looking for a way to do this or are you trying to figure out if the admin can see where/if you are logged in?
There are commands like NET SESSION, but that will only show user accessing a file share on a given computer. There is no single out-of-the box console built into Windows where I can see logged in users to different computers on a domain.
To add to that, your example of seeing who is logged into an iPhone makes no sense. iPhones are not user context devices and have nothing to do with Windows, other than possibly being assigned an IP address via DHCP or using RADIUS authentication for WPA2 Enterprise wifi.
Sally logged into her desk computer.
Sally logged into someone’s PC to check her email when she was away from her desk.
A week later, Sally changed her password.
Someone’s PC tries talks to the server with the wrong password. Sally’s account is locked.
I unlock her account. Rinse and repeat.
I have seen some sever display that shows devices on the network and who is logged into them.
I want to find the PC sally forgot she logged into a week ago and log her off.
Thanks.
Tracking down lockouts is a pain in the butt. Enable auditing on domain controllers and then check the event log for login failure.
How do we do that? I am a Novell admin guy.
Haven’t touched Novell since the mid-90s.
Take a look at Account Lockout Event ID: Find the Source of Account Lockouts
I’ve used this tool before (paid but it’s cheap). It scans the network using a variety of means and shows devices and logons.
Thanks!
Sally had another PC in another room for testing. I thought she had already logged on with the new password, but users exaggerate or do not understand. She is now logged onto the second PC, and her account remains unlocked.
Thanks again, everyone.
Just saw this thread. I realise it’s solved, but would the command “net session” executed on the server not have been the easy way?
I mentioned it in post 5, but the problem is the password had been changed and the user was getting locked due to password failure, so there wouldn’t be an active session.