You will be surprised at the number of active logon sessions on your computer.
The syntax for using LogonSessions.exe is:
LogonSessions [-p]
where -p lists the processes running in each session.
When I typed logonsessions -p on my Windows XP desktop, I received:
LogonSessions 1.0
Copyright (C) 2004 Bryce Cogswell
Sysinternals - www.sysinternals.com

[0] Logon session 00000000:000003e7:
    User name:    JSIINC\JSI009$
    Auth package: Negotiate
    Logon type:   (none)
    Session:      0
    Sid:          S-1-5-18
    Logon time:   05/28/2004 13:13:24
    Logon server:
    DNS Domain:   JSIINC.COM
    UPN:
      768: \SystemRoot\System32\smss.exe
      876: \??\C:\WINDOWS\system32\winlogon.exe
      924: C:\WINDOWS\system32\services.exe
      936: C:\WINDOWS\system32\lsass.exe
     1124: C:\WINDOWS\system32\svchost.exe
     1248: C:\WINDOWS\System32\svchost.exe
     1584: C:\WINDOWS\system32\spoolsv.exe
     1736: C:\WINDOWS\System32\cisvc.exe
     1780: C:\WINDOWS\System32\inetsrv\inetinfo.exe
     1792: C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
     1808: C:\Program Files\CA\eTrust Antivirus\InoRT.exe
     1868: C:\Program Files\CA\eTrust Antivirus\InoTask.exe
     2028: C:\Program Files\Dell\PSM\iomgr.exe
      176: C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      208: C:\WINDOWS\System32\nvsvc32.exe
      704: C:\Program Files\RemotelyAnywhere\RaMaint.exe
     1220: C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
     1424: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\OWSTIMER.EXE
     1532: C:\WINDOWS\System32\svchost.exe
     1644: C:\Program Files\TapeWare\TWWINSDR.EXE
     1820: C:\Program Files\uphclean\uphclean.exe
     1596: C:\WINDOWS\System32\ups.exe
     2136: C:\Program Files\Intel\ASF Agent\ASFAgent.exe
     2364: C:\WINDOWS\System32\Fast.exe
     2376: C:\Program Files\Raxco\PerfectDisk\PDSched.exe
     2480: C:\Program Files\Dell\PSM\arcpd.exe
     2552: C:\Program Files\Dell\PSM\notify.exe
      632: C:\WINDOWS\system32\cidaemon.exe
      348: C:\WINDOWS\system32\cidaemon.exe
      604: C:\WINDOWS\System32\dllhost.exe

[1] Logon session 00000000:0000c0e9:
    User name:
    Auth package: NTLM
    Logon type:   (none)
    Session:      0
    Sid:          (none)
    Logon time:   05/28/2004 13:13:24
    Logon server:
    DNS Domain:
    UPN:

[2] Logon session 00000000:000003e4:
    User name:    NT AUTHORITY\NETWORK SERVICE
    Auth package: Negotiate
    Logon type:   Service
    Session:      0
    Sid:          S-1-5-20
    Logon time:   05/28/2004 13:13:25
    Logon server:
    DNS Domain:
    UPN:

[3] Logon session 00000000:000003e5:
    User name:    NT AUTHORITY\LOCAL SERVICE
    Auth package: Negotiate
    Logon type:   Service
    Session:      0
    Sid:          S-1-5-19
    Logon time:   05/28/2004 13:13:25
    Logon server:
    DNS Domain:
    UPN:

[4] Logon session 00000000:0000edb8:
    User name:    JSIINC\Jerry
    Auth package: Kerberos
    Logon type:   Interactive
    Session:      0
    Sid:          S-1-5-21-4941052328-421961685-9873763951-1113
    Logon time:   05/28/2004 13:13:33
    Logon server: JSI001
    DNS Domain:   JSIINC.COM
    UPN:
     3440: C:\WINDOWS\Explorer.EXE
     3520: C:\WINDOWS\System32\DSentry.exe
     3536: C:\WINDOWS\System32\taskswitch.exe
     3568: c:\windows\system32\taskmgr.exe
     3600: C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
     3608: C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
     3632: C:\PROGRA~1\CA\ETRUST~1\realmon.exe
     3644: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
     3652: C:\Program Files\RemotelyAnywhere\ragui.exe
     3664: C:\WINDOWS\system32\RUNDLL32.EXE
     3672: C:\Program Files\Messenger\msmsgs.exe
     3736: C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
     3800: C:\UTIL\CLIPPOOL.EXE
     3864: C:\WINDOWS\SYSTEM32\fastkey.exe
     4000: C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
     4072: C:\Program Files\Internet Explorer\iexplore.exe
     3308: C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
     3368: C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE
     3560: C:\Program Files\Microsoft Office\Office10\MSACCESS.EXE
     3620: C:\WebCompiler\webcompiler.exe
     3900: C:\WINDOWS\system32\ntvdm.exe
     3952: C:\WINDOWS\system32\notepad.exe
      684: C:\WINDOWS\system32\notepad.exe
     2008: C:\Program Files\American Systems\Print Screen Deluxe\prntscrn.exe
     3216: C:\AGENT\agent.exe
     2716: C:\WINDOWS\NOTEPAD.EXE
     2816: C:\WINDOWS\SYSTEM32\CMD.EXE
     3112: C:\UTIL\LogonSessions.exe

[5] Logon session 00000000:00011cd0:
    User name:    NT AUTHORITY\ANONYMOUS LOGON
    Auth package: NTLM
    Logon type:   Network
    Session:      0
    Sid:          S-1-5-7
    Logon time:   05/28/2004 13:13:34
    Logon server:
    DNS Domain:
    UPN:

[6] Logon session 00000000:0001377a:
    User name:    JSI009\Administrator
    Auth package: NTLM
    Logon type:   Batch
    Session:      0
    Sid:          S-1-5-21-6978815494-9318855973-900065691-500
    Logon time:   05/28/2004 13:13:35
    Logon server: JSI009
    DNS Domain:
    UPN:

[7] Logon session 00000000:00049a0f:
    User name:    JSI009\IUSR_JSI009
    Auth package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Logon type:   Interactive
    Session:      0
    Sid:          S-1-5-21-6978815494-9318855973-900065691-1006
    Logon time:   05/28/2004 13:14:01
    Logon server: JSI009
    DNS Domain:
    UPN:
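The Python parser below is an added example, not part of the original tip and not Sysinternals code. It assumes the tool prints one field per line and each process as `PID: path`, as in the constructed excerpt embedded in it; `parse_sessions` and `account_sessions` are hypothetical names. It lists the sessions held by accounts with an `S-1-5-21-` SID, which are the ones to account for when reviewing who is logged on to a host.

```python
import re

# Constructed sample, abridged from the output above; one field per line (assumed).
SAMPLE = r"""
[0] Logon session 00000000:000003e7:
    User name:    JSIINC\JSI009$
    Auth package: Negotiate
    Logon type:   (none)
    Sid:          S-1-5-18
      876: \??\C:\WINDOWS\system32\winlogon.exe
[4] Logon session 00000000:0000edb8:
    User name:    JSIINC\Jerry
    Auth package: Kerberos
    Logon type:   Interactive
    Sid:          S-1-5-21-4941052328-421961685-9873763951-1113
      3440: C:\WINDOWS\Explorer.EXE
[6] Logon session 00000000:0001377a:
    User name:    JSI009\Administrator
    Auth package: NTLM
    Logon type:   Batch
    Sid:          S-1-5-21-6978815494-9318855973-900065691-500
"""

HEADER = re.compile(r"^\[(\d+)\] Logon session ([0-9a-fA-F]{8}:[0-9a-fA-F]{8}):")
FIELD = re.compile(r"^\s+([A-Za-z ]+?):\s*(.*)$")   # "Logon type:   Batch"
PROC = re.compile(r"^\s+(\d+): (.+)$")              # "3440: C:\...\Explorer.EXE"

def parse_sessions(text):
    """Parse `logonsessions -p` text into a list of session dicts."""
    sessions = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            sessions.append({"index": int(m[1]), "luid": m[2], "processes": []})
        elif not sessions:
            continue  # banner or blank lines before the first session
        elif m := PROC.match(line):
            sessions[-1]["processes"].append((int(m[1]), m[2].strip()))
        elif m := FIELD.match(line):
            sessions[-1][m[1]] = m[2].strip()  # empty string for blank fields
    return sessions

def account_sessions(sessions):
    """Sessions of machine/domain accounts (SID S-1-5-21-...), not built-ins."""
    return [(s.get("User name"), s.get("Logon type"), s.get("Auth package"),
             len(s["processes"]))
            for s in sessions if s.get("Sid", "").startswith("S-1-5-21-")]

if __name__ == "__main__":
    for row in account_sessions(parse_sessions(SAMPLE)):
        print(row)
```

To use it on a real host, save the tool's output with `logonsessions -p > sessions.txt` and pass the file's contents to `parse_sessions`.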