Decrypt my World : How to get the logged on user with WMI (VBScript)

News

Any of my posts is supported under any Microsoft standard support program or service. They are provided "AS IS" without warranty of any kind, and confer no rights.

Where are my readers?

Favorite Posts

Debugging blogs

Security blogs

.NET Security Blog

Spanish blogs

Consulta con el equipo de Windows

Archives

How to get the logged on user with WMI (VBScript)

Hi all, welcome back,

From time to time I get to do some scripting, play with LDAP/ADSI, WMI, etc. I'll begin posting some VBScript samples I have which may be useful for you too.

Today we'll see a way to get the user who has logged on a given machine with VBScript & WMI:

' PARAMETERS
'
strComputer = "machineName"   ' use "." for local computer 
strUser = "domain\user" ' comment this line for current user
strPassword = "password" ' comment this line for current user

' CONSTANTS
'
wbemImpersonationLevelImpersonate = 3
wbemAuthenticationLevelPktPrivacy = 6

'=======================================================================
' MAIN
'=======================================================================

' Connect to machine
'
If Not strUser = "" Then

	' Connect using user and password
	'
	Set objLocator = CreateObject("WbemScripting.SWbemLocator")
	Set objWMI = objLocator.ConnectServer _
		(strComputer, "root\cimv2", strUser, strPassword)
	objWMI.Security_.ImpersonationLevel = wbemImpersonationLevelImpersonate
	objWMI.Security_.AuthenticationLevel = wbemAuthenticationLevelPktPrivacy
	
Else

	' Connect using current user
	'
	Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") 

End If

' Get OS name
'
Set colOS = objWMI.InstancesOf ("Win32_OperatingSystem")

For Each objOS in colOS
	strName = objOS.Name
Next

If Instr(strName, "Windows 2000") > 0 Then

	'-------------------------------------------------------------------
	' Code for Windows 2000
	'-------------------------------------------------------------------

	' Get user name
	'
	Set colComputer = objWMI.ExecQuery("Select * from Win32_ComputerSystem")
	
	For Each objComputer in colComputer
		Wscript.Echo "User: " & objComputer.UserName
	Next

	' ------------------------------------------------------------------
	
Else

	' ------------------------------------------------------------------
	' Code for Windows XP or later
	' ------------------------------------------------------------------
	
	' Get interactive session
	'
	Set colSessions = objWMI.ExecQuery _ 
		  ("Select * from Win32_LogonSession Where LogonType = 2") 
	
	If colSessions.Count = 0 Then 
		' No interactive session found
		'
		Wscript.Echo "No interactive user found" 
	Else 
		'Interactive session found
		'
		For Each objSession in colSessions 
		
			Set colList = objWMI.ExecQuery("Associators of " _ 
			& "{Win32_LogonSession.LogonId=" & objSession.LogonId & "} " _ 
			& "Where AssocClass=Win32_LoggedOnUser Role=Dependent" ) 
					
			' Show user info
			'
			For Each objItem in colList 
				WScript.Echo "User: " & objItem.Name 
				WScript.Echo "FullName: " & objItem.FullName 
				WScript.Echo "Domain: " & objItem.Domain 
			Next 
			
			' Show session start time
			'
			Wscript.Echo "Start Time: " & objSession.StartTime 
		Next 
	End If 
	
	' ------------------------------------------------------------------

End If

'=======================================================================

I hope this helps.

Cheers,

Alex (Alejandro Campos Magencio)

Posted: Tuesday, March 04, 2008 12:06 PM by alejacma

Comments

Michael Greene said:

This is excellent. There are many, many ways one could integrate this in to other tools.

# March 4, 2008 12:54 PM

Spiderman said:

Do not work on Vista.

If one User is logged in, it found the User twice.

If two Users are logged in, it found only one.

# December 22, 2008 7:33 AM

mircea said:

Hi,

Thanks for the script, but even though I saved the text file with vbs extension, it didn't run either on Windows XP or Windows Server 2003...

# February 24, 2009 2:36 PM

alejacma said:

Do you get any error?

# February 24, 2009 4:00 PM

I have been trying to find out this very piece of information - thanks!. However, now the bad news :(. I am trying out the query using Wbemtest and I cannot seem to get access to domain based accounts when querying a remote host, but I CAN get them when running the command locally. I have confirmed that the user I am connecting as is a member of the local administrators group. Is there some extra level of restriction at play here, or am I missing something obvious. Thanks, Andy

# March 30, 2009 11:29 AM

Ed said:

I'm also having the same issue as Andy McCall above, any pointers?

# April 9, 2009 7:54 AM

Ricardo said:

what´s meaning "no interactive user found" ?

# May 5, 2009 3:30 PM

David said:

removing 'Where LogonType = 2' gave a better result for me under XP

# May 7, 2009 12:53 AM

Brian Kayser said:

I had better luck replacing:

("Select * from Win32_LogonSession Where LogonType = 2")

With...

("Select * from Win32_LogonSession where LogonType <> 0 and LogonType <> 3 and LogonType <> 5")

# August 5, 2009 9:17 AM

Jimbob said:

I think I'm misunderstanding what LogonType 10 represents. Specifically,

I'm trying to enumerate interactive logged-in users, both console

and RDP, on WinXP and Win2003 machines. I get Type 10 sessions

for the real logged-in users but also for people without RDP

sessions (using Terminal Services Manager to verify who is

logged in). I'm at a loss to explain what these other type

10 sessions might be, and how to distinguish between them and

"real" logins.

# August 12, 2009 12:51 PM

Luis Enrique said:

It does not report a username on W2K, for XP is great.

# November 5, 2009 9:35 AM

Decrypt my World

Recent Posts

Tags