We often need to know who is currently logged on to a remote computer.
With native Windows commands only:
NBTSTAT -a remotecomputer | FIND "<03>" | FIND /I /V "remotecomputer"
The first name in the list usually is the logged on user (try playing with the NET NAME
command to learn more about the names displayed by NBTSTAT
).
This is the fastest way to find the logged on user name, and the results that you do get are correct, but NBTSTAT
won't always return a user name, even when a user is logged on.
Using WMIC (Windows XP Professional and later):
WMIC /Node:remotecomputer ComputerSystem Get UserName
This is arguably the most reliable (native) command to find out who is logged on.
With the help of SysInternals' PSTools:
PSLOGGEDON -L \\remotecomputer
or:
PSEXEC \\remotecomputer NET CONFIG WORKSTATION | FIND /I " name "
or:
PSEXEC \\remotecomputer NET NAME
or:
PSEXEC \\remotecomputer NETSH DIAG SHOW COMPUTER /V | FIND /i "username"
or:
FOR /F %%A IN ('REG Query \\remotecomputer\HKU ˆ| FINDSTR /R /B /C:"HKEY_USERS\\S-1-5-[0-9][0-9]-[0-9-]*$"') DO (
FOR /F "tokens=3 delims=\" %%B IN ('REG Query "\\remotecomputer\%%A\Volatile Environment"') DO (
SET LoggedinUser=%%B
)
)
NETSH
and WMIC
are for XP or later, and are the most reliable of all commands shown here.
WMIC
requires WMI enabled remote computers and Windows XP on the administrator's computer; NETSH
requires Windows XP on the remote computers.
PSLOGGEDON
is a more accurate solution than NBTSTAT
, but it will return the last logged on user if no one is currently logged on.
The NET
and NBTSTAT
commands show more or less identical results, but the NBTSTAT
command is much faster.
The REG
command is accurate, but may need to be modified depending on the version used. As displayed here, the code is written for REG.EXE 3.0 (XP).
If you want to search lots of computers for logged on users, I recommend you try NBTSTAT
first (fast, but it won't always return the user name!), and only switch to NETSH
, REG
or WMIC
(accurate) if NBTSTAT
doesn't return a user name.
Credits: Jiří Janyška (WMIC command) and Matthew W. Helton (NETSH command).