Extracting the name of a logged in user on a remote w2k workstation

Zenistar has asked for the wisdom of the Perl Monks concerning the following question:

I am currently writing a script that performs a number of auditing tasks for a Windows NT / 2000 network. One problem I am having is extracting the username of the account that is actually logged in and working on the remote pc.

I've been trying to use Win32::NetAdmin::LoggedOnUsers which works well apart from it returns a hash containing all of the accounts logged in from the workstation e.g. system accounts that are used with services etc.

Is there anyway I can either extract the username from the machine directly or extract the information from the remote pc's enviroment variables as USR_ID and USERNAME set correctly.

Many thanks.

Comment on Extracting the name of a logged in user on a remote w2k workstation

Replies are listed 'Best First'.
Re: Extracting the name of a logged in user on a remote w2k workstation by benn (Vicar) on Aug 17, 2003 at 15:34 UTC
The NT Admin section of Code Catacombs has a bunch of scripts (mainly contributed by idnopheq ) which not only grab the logged in users, but shows login times etc. as well. Not being an NT person, I couldn't tell you exactly how useful this could be, but it seems to me that system accounts would be likely to show a login time of "last reboot" (or soon after), whilst 'real' users would log in at some time after this. In addition, there's lastlogin for NT/2K, which shows "the last logon date for each user in the local host's user database." Some combination of these would appear to allow you to deduce the currently logged-in user. May it not also be possible to simply enumerate system accounts and remove them from your list? HTH, Ben.	[reply]
Re: Re: Extracting the name of a logged in user on a remote w2k workstation by Zenistar (Initiate) on Aug 17, 2003 at 15:46 UTC
Thanks for the reply Ben, I have browsed through the scripts you mention and I have gained a few pointers. The workaround im trying at the moment grabs a hash of all accounts logged into the pc and then grabs a list of all services with specific accounts that are not local system so that I can elimitate some accounts from the hash. I was hoping that somone would have a 'nice' way around this. Perfect solution would be to grab %USERNAME% from the local enviroment variables, but this doens't seem possible. Thanks again for your imput.	[reply]
Re: Re: Re: Extracting the name of a logged in user on a remote w2k workstation by Kanji (Parson) on Aug 17, 2003 at 16:04 UTC
~~Does `my $username - $ENV{'USERNAME'};` not work for you? It should if `%USERNAME%` is an environment variable.~~ Update: D'oh! Managed to skip the 'remote' part of the question entirely... --k.	[reply] [d/l] [select]
Re: Re: Re: Re: Extracting the name of a logged in user on a remote w2k workstation by Zenistar (Initiate) on Aug 17, 2003 at 16:52 UTC