Page 1 of 1 1
Topic Options
#206041 - 2012-10-19 01:21 PM enum user session with WMI
ChristopheM Offline
Hey THIS is FUN
*****

Registered: 2002-05-13
Posts: 308
Loc: STRASBOURG, France
Hi,

i have a script that scans all XP workstations (SP3) on the network (about 4200) to get users locally connected and uptime. i use psloggedon from sysinternals to get user informations (redirect output in a file and analyze text file).

now, instead of launching psloggedon more than 4200 times, i would like to use WMI with remote request. I found a vb script that i converted to Kix and this is working fine locally. The problem is that the script doesn't give the same results when run locally or remotely.

1) i am connected on a workstation A with a domain admin account.
2) from this workstation, i launch mstsc to open a session on workstation B with the same account.
3) i copy the script on workstation B

4) i execute the script on workstation A with workstation B as parameter to get information remotely. I get a set of result 1
5) i execute the script locally on workstation B. I get a set of result 2

set 1 and set 2 are differents \:\(
in fact, when executed to get remote informations, it seems that resolution from logonID to user name is not done.

Has somebody experimented this problem ?
Can somebody test the script and tell if he gets same results ?

Thanks


Attachments
loggedon.kix (187 downloads)
Description:


_________________________
Christophe

Top
#206045 - 2012-10-19 09:55 PM Re: enum user session with WMI [Re: ChristopheM]
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
What I go is have code in my logonscript to update a table in SQL DB with that info.

 Code:
	$cn = CreateObject("ADODB.Connection") $cmd = CreateObject("ADODB.Command") $rs = CreateObject("ADODB.RecordSet")
	$cn.connectionstring = "DRIVER={SQL Server};SERVER=sqlserver;UID=UserName;PWD=password;DATABASE=invDB"
	$cn.open $cmd.activeconnection = $cn $rs.cursortype = 3 $rs.locktype = 3
	$rs.activecommand = $cmd
	$cmdtxt = "select * from dbo._tbl_Main where SerialNumber = '$serNo'"
	$cmd.commandtext = $cmdtxt
	$rs.open($cmd)	
	If $rs.eof = -1 $rs.addnew EndIf 
	$rs.fields.item("UserName").value = @userid
	$rs.update		
	Logfile(tab(3) + 'Updating User logon in SQL Inventory ' + @serror)	
	$rs.close
	$cn.close
_________________________
How to ask questions the smart way <-----------> Before you ask

Top
#206046 - 2012-10-19 10:43 PM Re: enum user session with WMI [Re: Radimus]
ChristopheM Offline
Hey THIS is FUN
*****

Registered: 2002-05-13
Posts: 308
Loc: STRASBOURG, France
thanks for your answer.

This a good way to save user connection but i need to know who is connected at the moment of the scan. With your solution, multiples cases are not treated :
- domain user who has closed the session,
- domain user who has not logon script
- local user created on workstation
- domain user who has opened a session on a laptop not connected the network (logon script not run) and then reconnect the laptop on the network

I just want to understand if there is a bug in my script or if this is a problem with WMI on XP workstations.
_________________________
Christophe

Top
#206047 - 2012-10-20 03:11 AM Re: enum user session with WMI [Re: ChristopheM]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4367
Loc: New Jersey
This is how I do it in my helpdesk app:
 Code:
; get the currently logged-on user, if any
      If $SECURE $WMIOBJPTR = WMIAuthentication($txtHost.Text, $USERID , $USERPW) EndIf
      $RC = ''
      $ACTIVEUSERID = WMIQuery('UserName', 'Win32_ComputerSystem', $txtHost.Text, , , , $WMIOBJPTR)[0]
      If InStr($ACTIVEUSERID, '\') $RC = Split($ACTIVEUSERID, '\')[1] Else $RC = $ACTIVEUSERID EndIf
The two WMIxxxxx functions are available from the resources page of my website, and just slightly modified/updated versions of those posted on KORG. The above example was developed on XP and works on Vista/Win7.

$WMIOBJPTR can be null/eliminated unless you need a specific account to authenticate against the remote machine. WMIAuthentication() simply provides a standard function to get an authenticated WMI object rather than building it into every WMI function.

Glenn
_________________________
Actually I am a Rocket Scientist! \:D

Top
#206048 - 2012-10-20 03:57 PM Re: enum user session with WMI [Re: Glenn Barnas]
ChristopheM Offline
Hey THIS is FUN
*****

Registered: 2002-05-13
Posts: 308
Loc: STRASBOURG, France
thanks glenn

this is an other way but not really a question to my current problem.
and i see another problem with this solution.
according to MSDN site, the username property of win32_computersystem is set only for a console session not for a session with terminal service so sometime, i could have no information even if there is a user connected !!!

i had a look to your functions. your WMIAuthentication function is very near from my WMIConnectEx
Except parameters, globally i just see one difference :
your code :
 Code:
$objWBEM=GetObject('winmgmts:{impersonationLevel=impersonate}!\\'+$sComputerName+'\'+$sNameSpace)
my code :
 Code:
$objWMIService=GetObject('winmgmts:{'+$SecuritySettings+'}!\\'+$strcomputer+'\'+$namespace)

I use an optional parameter SecuritySettings where you have hardcoded "impersonationLevel=impersonate".

A word also about the WMIQuery function.
No need to evaluate $sComputer and $root when $pAuth is defined because theses variables aren't used after (and evaluation has already be done by the call to WMIAuthentication).
your code:
 Code:
$sComputer = Trim(Join(Split($sComputer,'\'),''))

If Not $sComputer Or $sComputer = @WKSTA
	$sComputer = '.'
EndIf

If Not $root
	$root = '\root\cimv2'
Endif

If $pAuth
	$SystemSet = $pAuth
Else
	$SystemSet = GetObject('winmgmts:{impersonationLevel=impersonate}!\\' + $sComputer + $root)
	If @ERROR Or Not $SystemSet
		Exit Val('&' + Right(DecToHex(@ERROR), 4))
	EndIf
EndIf
i suggest:
 Code:
If $pAuth
	$SystemSet = $pAuth
Else
	$sComputer = Trim(Join(Split($sComputer,'\'),''))

	If Not $sComputer Or $sComputer = @WKSTA
		$sComputer = '.'
	EndIf

	If Not $root
		$root = '\root\cimv2'
	Endif

	$SystemSet = GetObject('winmgmts:{impersonationLevel=impersonate}!\\' + $sComputer + $root)
	If @ERROR Or Not $SystemSet
		Exit Val('&' + Right(DecToHex(@ERROR), 4))
	EndIf
EndIf

it is compatible with existing code and will execute a little faster when $pAuth is initialized.
_________________________
Christophe

Top
#206050 - 2012-10-20 09:53 PM Re: enum user session with WMI [Re: ChristopheM]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22344
Loc: OK
you guys doing this the hard way.
be interested in kix only solution maybe?
_________________________
!

download KiXnet

Top
#206051 - 2012-10-20 09:59 PM Re: enum user session with WMI [Re: Lonkero]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22344
Loc: OK
well, I will give it to you anyways:
http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=82988

why go with something slow when there is superior way of doing it right within kix?
_________________________
!

download KiXnet

Top
#206054 - 2012-10-22 09:04 PM Re: enum user session with WMI [Re: ChristopheM]
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
If the code is on the machine and is called via All Users startup, or in the local logon policy, the only ones not captured are machine the are logged into, but not connected to LAN at the time.
_________________________
How to ask questions the smart way <-----------> Before you ask

Top
Page 1 of 1 1


Moderator:  Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 319 anonymous users online.
Newest Members
Kelly001, MichaelK72, Janneman, standardbruker, maikoenig2001
17773 Registered Users

Generated in 0.034 seconds in which 0.011 seconds were spent on a total of 14 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org