The UserSes command will list logon/logoff sessions for one or more
users. UserSes reads the Security Event Logs on all domain controllers to get the session
information. For this to work you must have enabled audit of Logon and Logoff at the
Domain Controller (you do that in the User Manager for Domains at the Policies, Audit
menu). Also, when running the UserSes command you must have the SE_SECURITY_NAME User
Right (you will normally have this User Right if you run as Administrator).
For each session UserSes will print: date of logon, time of logon, date of logoff, time
of logoff, user id and workstation name. Note that UserSes will have to read through the
Security Event Logs on all the Domain Controllers. If these logs are large UserSes can
take quite a while to execute.
UserSes is a Perl program which
internally uses the NetViewX and elDump commands. It is written by Jesper Lauritsen and is in the Public
UserSes takes the following arguments:
||Simple userid or userid on the form domain\user. All sessions by this users will be
listed. You can specify one or more userids.
||Domain to list sessions for. Default is the domain of the userid(s). You only need to
use this option if you want to list sessions in this domain for a user from another
||Also look in event logs saved with elSavClr (see the documentation for elDump -S).
||Only list sessions after this time [YY]YYMMDD[HH[MM[SS]]].
||Only list sessions in the last specified number of days.
||Only list sessions before this time [YY]YYMMDD[HH[MM[SS]]].
||Only list sessions before the specified number of days.
||Do not list sessions shorter than the specified number of seconds. Clients not running
Windows NT often makes some short spurious sessions when connecting. Default is not to
list sessions shorter than 30 seconds.
||Do not merge overlapping sessions to same workstation. Often clients will have more
than one concurrent session, and some times they will end a session and then start a new
one right away. Default is to merge such sessions to one session in the list.
||Also list the session id. The session id will also identify the Domain Controller
which validated the logon.
||Print some trace info to standard error.
List sessions by user bill:
List all sessions by user bill:
userses bill -s0 -m
List session from the last 24 hours in domain mydom1 by user jeff in
userses mydom2\jeff -D mydom1 -A 1
Before download and installation you should:
Download current version of UserSes.
The UserSes tool is distributed as a zip file containing UserSes.bat (the tool) and
UserSes.htm (this page). If NetViewX and elDump is not in your path you must edit UserSes.bat to include the absolute path to these tools. Otherwise you do not have
to install the tool - simply run it from a command line.
You may also want to look at the other NT tools by Jesper.
||Initial release. Consider this a beta release.
last changed 20. juli 1999