JSI Tip 8103. Freeware LogonSessions.exe lists all the active logon session on your computer.


Download LogonSessions.zip.

You will be surprised at the number of active logon sessions on your computer.

The syntax for using LogonSessions.exe is:

LogonSessions \[-p\]

where -p lists the processes running in each session.

When I typed logonsessions -p on my Windows XP desktop, I received:

LogonSessions 1.0
Copyright (C) 2004 Bryce Cogswell
Sysinternals - www.sysinternals.com

\[0\] Logon session 00000000:000003e7:
    User name:    JSIINC\JSI009$
    Auth package: Negotiate
    Logon type:   (none)
    Session:      0
    Sid:          S-1-5-18
    Logon time:   05/28/2004 13:13:24
    Logon server:
    DNS Domain:   JSIINC.COM
    UPN:
      768: \SystemRoot\System32\smss.exe
      876: \??\C:\WINDOWS\system32\winlogon.exe
      924: C:\WINDOWS\system32\services.exe
      936: C:\WINDOWS\system32\lsass.exe
     1124: C:\WINDOWS\system32\svchost.exe
     1248: C:\WINDOWS\System32\svchost.exe
     1584: C:\WINDOWS\system32\spoolsv.exe
     1736: C:\WINDOWS\System32\cisvc.exe
     1780: C:\WINDOWS\System32\inetsrv\inetinfo.exe
     1792: C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
     1808: C:\Program Files\CA\eTrust Antivirus\InoRT.exe
     1868: C:\Program Files\CA\eTrust Antivirus\InoTask.exe
     2028: C:\Program Files\Dell\PSM\iomgr.exe
      176: C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      208: C:\WINDOWS\System32\nvsvc32.exe
      704: C:\Program Files\RemotelyAnywhere\RaMaint.exe
     1220: C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
     1424: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\OWSTIMER.EXE
     1532: C:\WINDOWS\System32\svchost.exe
     1644: C:\Program Files\TapeWare\TWWINSDR.EXE
     1820: C:\Program Files\uphclean\uphclean.exe
     1596: C:\WINDOWS\System32\ups.exe
     2136: C:\Program Files\Intel\ASF Agent\ASFAgent.exe
     2364: C:\WINDOWS\System32\Fast.exe
     2376: C:\Program Files\Raxco\PerfectDisk\PDSched.exe
     2480: C:\Program Files\Dell\PSM\arcpd.exe
     2552: C:\Program Files\Dell\PSM\notify.exe
      632: C:\WINDOWS\system32\cidaemon.exe
      348: C:\WINDOWS\system32\cidaemon.exe
      604: C:\WINDOWS\System32\dllhost.exe

\[1\] Logon session 00000000:0000c0e9:
    User name:
    Auth package: NTLM
    Logon type:   (none)
    Session:      0
    Sid:          (none)
    Logon time:   05/28/2004 13:13:24
    Logon server:
    DNS Domain:
    UPN:

\[2\] Logon session 00000000:000003e4:
    User name:    NT AUTHORITY\NETWORK SERVICE
    Auth package: Negotiate
    Logon type:   Service
    Session:      0
    Sid:          S-1-5-20
    Logon time:   05/28/2004 13:13:25
    Logon server:
    DNS Domain:
    UPN:

\[3\] Logon session 00000000:000003e5:
    User name:    NT AUTHORITY\LOCAL SERVICE
    Auth package: Negotiate
    Logon type:   Service
    Session:      0
    Sid:          S-1-5-19
    Logon time:   05/28/2004 13:13:25
    Logon server:
    DNS Domain:
    UPN:

\[4\] Logon session 00000000:0000edb8:
    User name:    JSIINC\Jerry
    Auth package: Kerberos
    Logon type:   Interactive
    Session:      0
    Sid:          S-1-5-21-4941052328-421961685-9873763951-1113
    Logon time:   05/28/2004 13:13:33
    Logon server: JSI001
    DNS Domain:   JSIINC.COM
    UPN:
     3440: C:\WINDOWS\Explorer.EXE
     3520: C:\WINDOWS\System32\DSentry.exe
     3536: C:\WINDOWS\System32\taskswitch.exe
     3568: c:\windows\system32\taskmgr.exe
     3600: C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
     3608: C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
     3632: C:\PROGRA~1\CA\ETRUST~1\realmon.exe
     3644: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
     3652: C:\Program Files\RemotelyAnywhere\ragui.exe
     3664: C:\WINDOWS\system32\RUNDLL32.EXE
     3672: C:\Program Files\Messenger\msmsgs.exe
     3736: C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
     3800: C:\UTIL\CLIPPOOL.EXE
     3864: C:\WINDOWS\SYSTEM32\fastkey.exe
     4000: C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
     4072: C:\Program Files\Internet Explorer\iexplore.exe
     3308: C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
     3368: C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE
     3560: C:\Program Files\Microsoft Office\Office10\MSACCESS.EXE
     3620: C:\WebCompiler\webcompiler.exe
     3900: C:\WINDOWS\system32\ntvdm.exe
     3952: C:\WINDOWS\system32\notepad.exe
      684: C:\WINDOWS\system32\notepad.exe
     2008: C:\Program Files\American Systems\Print Screen Deluxe\prntscrn.exe
     3216: C:\AGENT\agent.exe
     2716: C:\WINDOWS\NOTEPAD.EXE
     2816: C:\WINDOWS\SYSTEM32\CMD.EXE
     3112: C:\UTIL\LogonSessions.exe

\[5\] Logon session 00000000:00011cd0:
    User name:    NT AUTHORITY\ANONYMOUS LOGON
    Auth package: NTLM
    Logon type:   Network
    Session:      0
    Sid:          S-1-5-7
    Logon time:   05/28/2004 13:13:34
    Logon server:
    DNS Domain:
    UPN:

\[6\] Logon session 00000000:0001377a:
    User name:    JSI009\Administrator
    Auth package: NTLM
    Logon type:   Batch
    Session:      0
    Sid:          S-1-5-21-6978815494-9318855973-900065691-500
    Logon time:   05/28/2004 13:13:35
    Logon server: JSI009
    DNS Domain:
    UPN:

\[7\] Logon session 00000000:00049a0f:
    User name:    JSI009\IUSR_JSI009
    Auth package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Logon type:   Interactive
    Session:      0
    Sid:          S-1-5-21-6978815494-9318855973-900065691-1006
    Logon time:   05/28/2004 13:14:01
    Logon server: JSI009
    DNS Domain:
    UPN:



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish