The WsSes command will list logon/logoff sessions from one or more
workstations. WsSes reads the Security Event Logs on all domain controllers to get the
session information. For this to work you must have enabled audit of Logon and Logoff at
the Domain Controller (you do that in the User Manager for Domains at the Policies, Audit
menu). Also, when running the WsSes command you must have the SE_SECURITY_NAME User Right
(you will normally have this User Right if you run as Administrator).
For each session WsSes will print: date of logon, time of logon, date of logoff, time
of logoff, user id and workstation name. Note that WsSes will have to read through the
Security Event Logs on all the Domain Controllers. If these logs are large WsSes can take
quite a while to execute.
WsSes is a Perl program which
internally uses the NetViewX and elDump commands. It is written by Jesper Lauritsen and is in the Public
WsSes takes the following arguments:
||Name of workstation to list sessions for. You can specify one or more workstations.
||Domain to list sessions for. Default is the current domain.
||Also look in event logs saved with elSavClr (see the documentation for elDump -S).
||Only list sessions after this time [YY]YYMMDD[HH[MM[SS]]].
||Only list sessions in the last specified number of days.
||Only list sessions before this time [YY]YYMMDD[HH[MM[SS]]].
||Only list sessions before the specified number of days.
||Do not list sessions shorter than the specified number of seconds. Clients not running
Windows NT often makes some short spurious sessions when connecting. Default is not to
list sessions shorter than 30 seconds.
||Do not merge overlapping sessions to same workstation. Often clients will have more
than one concurrent session, and some times they will end a session and then start a new
one right away. Default is to merge such sessions to one session in the list.
||Also list the session id. The session id will also identify the Domain Controller
which validated the logon.
||Print some trace info to standard error.
List sessions from workstation bill:
List all sessions from workstation bill:
wsses \\bill -s0 -m
List session from the last 24 hours in domain mydom from workstation
wsses \\jeff -D mydom -A 1
Before download and installation you should:
Download current version of WsSes.
The WsSes tool is distributed as a zip file containing WsSes.bat (the tool) and
WsSes.htm (this page). If NetViewX and elDump is not in your path you must edit WsSes.bat to include the absolute path to these tools. Otherwise you do not have
to install the tool - simply run it from a command line.
You may also want to look at the other NT tools by Jesper.
||Initial release. Consider this a beta release.
last changed 20. juli 1999