You will be surprised at the number of active logon sessions on your computer.
The syntax for using LogonSessions.exe is:
LogonSessions \[-p\]
where -p lists the processes running in each session.
When I typed logonsessions -p on my Windows XP desktop, I received:
LogonSessions 1.0
Copyright (C) 2004 Bryce Cogswell
Sysinternals - www.sysinternals.com
\[0\] Logon session 00000000:000003e7:
User name: JSIINC\JSI009$
Auth package: Negotiate
Logon type: (none)
Session: 0
Sid: S-1-5-18
Logon time: 05/28/2004 13:13:24
Logon server:
DNS Domain: JSIINC.COM
UPN:
768: \SystemRoot\System32\smss.exe
876: \??\C:\WINDOWS\system32\winlogon.exe
924: C:\WINDOWS\system32\services.exe
936: C:\WINDOWS\system32\lsass.exe
1124: C:\WINDOWS\system32\svchost.exe
1248: C:\WINDOWS\System32\svchost.exe
1584: C:\WINDOWS\system32\spoolsv.exe
1736: C:\WINDOWS\System32\cisvc.exe
1780: C:\WINDOWS\System32\inetsrv\inetinfo.exe
1792: C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
1808: C:\Program Files\CA\eTrust Antivirus\InoRT.exe
1868: C:\Program Files\CA\eTrust Antivirus\InoTask.exe
2028: C:\Program Files\Dell\PSM\iomgr.exe
176: C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
208: C:\WINDOWS\System32\nvsvc32.exe
704: C:\Program Files\RemotelyAnywhere\RaMaint.exe
1220: C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
1424: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\OWSTIMER.EXE
1532: C:\WINDOWS\System32\svchost.exe
1644: C:\Program Files\TapeWare\TWWINSDR.EXE
1820: C:\Program Files\uphclean\uphclean.exe
1596: C:\WINDOWS\System32\ups.exe
2136: C:\Program Files\Intel\ASF Agent\ASFAgent.exe
2364: C:\WINDOWS\System32\Fast.exe
2376: C:\Program Files\Raxco\PerfectDisk\PDSched.exe
2480: C:\Program Files\Dell\PSM\arcpd.exe
2552: C:\Program Files\Dell\PSM\notify.exe
632: C:\WINDOWS\system32\cidaemon.exe
348: C:\WINDOWS\system32\cidaemon.exe
604: C:\WINDOWS\System32\dllhost.exe
\[1\] Logon session 00000000:0000c0e9:
User name:
Auth package: NTLM
Logon type: (none)
Session: 0
Sid: (none)
Logon time: 05/28/2004 13:13:24
Logon server:
DNS Domain:
UPN:
\[2\] Logon session 00000000:000003e4:
User name: NT AUTHORITY\NETWORK SERVICE
Auth package: Negotiate
Logon type: Service
Session: 0
Sid: S-1-5-20
Logon time: 05/28/2004 13:13:25
Logon server:
DNS Domain:
UPN:
\[3\] Logon session 00000000:000003e5:
User name: NT AUTHORITY\LOCAL SERVICE
Auth package: Negotiate
Logon type: Service
Session: 0
Sid: S-1-5-19
Logon time: 05/28/2004 13:13:25
Logon server:
DNS Domain:
UPN:
\[4\] Logon session 00000000:0000edb8:
User name: JSIINC\Jerry
Auth package: Kerberos
Logon type: Interactive
Session: 0
Sid: S-1-5-21-4941052328-421961685-9873763951-1113
Logon time: 05/28/2004 13:13:33
Logon server: JSI001
DNS Domain: JSIINC.COM
UPN:
3440: C:\WINDOWS\Explorer.EXE
3520: C:\WINDOWS\System32\DSentry.exe
3536: C:\WINDOWS\System32\taskswitch.exe
3568: c:\windows\system32\taskmgr.exe
3600: C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
3608: C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
3632: C:\PROGRA~1\CA\ETRUST~1\realmon.exe
3644: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
3652: C:\Program Files\RemotelyAnywhere\ragui.exe
3664: C:\WINDOWS\system32\RUNDLL32.EXE
3672: C:\Program Files\Messenger\msmsgs.exe
3736: C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
3800: C:\UTIL\CLIPPOOL.EXE
3864: C:\WINDOWS\SYSTEM32\fastkey.exe
4000: C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
4072: C:\Program Files\Internet Explorer\iexplore.exe
3308: C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
3368: C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE
3560: C:\Program Files\Microsoft Office\Office10\MSACCESS.EXE
3620: C:\WebCompiler\webcompiler.exe
3900: C:\WINDOWS\system32\ntvdm.exe
3952: C:\WINDOWS\system32\notepad.exe
684: C:\WINDOWS\system32\notepad.exe
2008: C:\Program Files\American Systems\Print Screen Deluxe\prntscrn.exe
3216: C:\AGENT\agent.exe
2716: C:\WINDOWS\NOTEPAD.EXE
2816: C:\WINDOWS\SYSTEM32\CMD.EXE
3112: C:\UTIL\LogonSessions.exe
\[5\] Logon session 00000000:00011cd0:
User name: NT AUTHORITY\ANONYMOUS LOGON
Auth package: NTLM
Logon type: Network
Session: 0
Sid: S-1-5-7
Logon time: 05/28/2004 13:13:34
Logon server:
DNS Domain:
UPN:
\[6\] Logon session 00000000:0001377a:
User name: JSI009\Administrator
Auth package: NTLM
Logon type: Batch
Session: 0
Sid: S-1-5-21-6978815494-9318855973-900065691-500
Logon time: 05/28/2004 13:13:35
Logon server: JSI009
DNS Domain:
UPN:
\[7\] Logon session 00000000:00049a0f:
User name: JSI009\IUSR_JSI009
Auth package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon type: Interactive
Session: 0
Sid: S-1-5-21-6978815494-9318855973-900065691-1006
Logon time: 05/28/2004 13:14:01
Logon server: JSI009
DNS Domain:
UPN:
0 comments
Hide comments
