WsSes

<body stylesrc="WsSes.htm"> <p> </p>  <table border="0" cellpadding="0" cellspacing="0" width="100%"> <tr> <td></td> <td align="right"><div align="right"><table border="2" cellpadding="3" cellspacing="0" bordercolor="#008080" bordercolordark="#008080" bordercolorlight="#008080"> <tr> <td align="right"><font color="#008080" size="1" face="Arial">contents:</font><font size="1" face="Arial"><br> <a href="#Arguments">Arguments</a><br> <a href="#Examples">Examples</a><br> <a href="#Download and installation">Download and installation</a><br> <a href="#Version history">Version history</a></font></td> </tr> </table> </div></td> </tr> <tr> <td valign="bottom"><a name="WsSes"><font color="#008080" size="5" face="Arial"><strong>WsSes</strong></font></a></td> <td align="right" valign="bottom"></td> </tr> </table> <p><font face="Arial">The WsSes command will list logon/logoff sessions from one or more workstations. WsSes reads the Security Event Logs on all domain controllers to get the session information. For this to work you must have enabled audit of Logon and Logoff at the Domain Controller (you do that in the User Manager for Domains at the Policies, Audit menu). Also, when running the WsSes command you must have the SE_SECURITY_NAME User Right (you will normally have this User Right if you run as Administrator).</p> <p>For each session WsSes will print: date of logon, time of logon, date of logoff, time of logoff, user id and workstation name. Note that WsSes will have to read through the Security Event Logs on all the Domain Controllers. If these logs are large WsSes can take quite a while to execute.</p> <p>WsSes<font face="Arial"> is a <a href="http://www.perl.org/">Perl</a> program which internally uses the <a href="http://www.ibt.ku.dk/jesper/netviewx/">NetViewX</a> and <a href="http://www.ibt.ku.dk/jesper/ELDump/">elDump</a> commands. It is written by <a href="http://www.ibt.ku.dk/jesper" target="_top">Jesper Lauritsen</a> and is in the Public Domain.</font></p> <table border="0" cellpadding="0" cellspacing="0" width="100%"> <tr> <td><font color="#008080" size="5" face="Arial"><strong><br> <a name="Arguments">Arguments</a></strong></font></td> <td align="right" valign="bottom"><font size="2" face="Arial">(<a href="#top">top</a>)</font></td> </tr> </table> <p><strong> WsSes</strong><font face="Arial"> takes the following arguments:</font></p> <table border="0"> <tr> <td width="20%" valign="top"><em><strong>\\workstation</strong></em></td> <td>Name of workstation to list sessions for. You can specify one or more workstations.</td> </tr> <tr> <td width="20%" valign="top"><strong><font face="Arial">-D<em> domain</em></font></strong></td> <td>Domain to list sessions for. Default is the current domain.</td> </tr> <tr> <td width="20%" valign="top"><strong><font face="Arial">-S [<em>dir</em>]</font></strong></td> <td><font face="Arial">Also look in event logs saved with <a href="http://www.ibt.ku.dk/jesper/ELSavClr/">elSavClr</a> (see the documentation for <a href="http://www.ibt.ku.dk/jesper/ELDump/eldump.htm#Dump of ELSavClr saved logs">elDump -S</a>).</font></td> </tr> <tr> <td width="20%" valign="top"><strong><font face="Arial">-a <em>time</em></font></strong></td> <td>Only list<font face="Arial"> sessions after this time [YY]YYMMDD[HH[MM[SS]]].</font></td> </tr> <tr> <td width="20%" valign="top"><strong><font face="Arial">-A <em>days</em></font></strong></td> <td>Only list sessions in the last specified number of days.</td> </tr> <tr> <td width="20%" valign="top"><strong><font face="Arial">-b <em>time</em></font></strong></td> <td>Only list sessions before this time [YY]YYMMDD[HH[MM[SS]]].</td> </tr> <tr> <td width="20%" valign="top"><strong><font face="Arial">-B <em>days</em></font></strong></td> <td>Only list sessions before the specified number of days.</td> </tr> <tr> <td width="20%" valign="top"><strong><font face="Arial">-s <em>seconds</em></font></strong></td> <td>Do not list sessions shorter than the specified number of seconds. Clients not running Windows NT often makes some short spurious sessions when connecting. Default is not to list sessions shorter than 30 seconds.</td> </tr> <tr> <td width="20%" valign="top"><strong>-m</strong></td> <td>Do not merge overlapping sessions to same workstation. Often clients will have more than one concurrent session, and some times they will end a session and then start a new one right away. Default is to merge such sessions to one session in the list.</td> </tr> <tr> <td width="20%" valign="top"><strong>-i</strong></td> <td>Also list the session id. The session id will also identify the Domain Controller which validated the logon.</td> </tr> <tr> <td width="20%" valign="top"><strong>-v</strong></td> <td>Print some trace info to standard error.</td> </tr> </table> <p> </p> <table border="0" cellpadding="0" cellspacing="0" width="100%"> <tr> <td><font color="#008080" size="5" face="Arial"><strong><br> <a name="Examples">Examples</a></strong></font></td> <td align="right" valign="bottom"><font size="2" face="Arial">(<a href="#top">top</a>)</font></td> </tr> </table> <p><font face="Arial">List sessions from workstation bill:</font></p> <blockquote> <p></font><font face="Courier New">wsses \\bill</font><font face="Arial"></p> </blockquote> <p>List <em>all</em> sessions from workstation bill:</p> <blockquote> <p></font><font face="Courier New">wsses \\bill -s0 -m</font><font face="Arial"></p> </blockquote> <p><font face="Arial">List session from the last 24 hours in domain mydom from workstation jeff:</font></p> <blockquote> <p></font><font face="Courier New">wsses \\jeff -D mydom -A 1</font><font face="Arial"></p> </blockquote> <table border="0" cellpadding="0" cellspacing="0" width="100%"> <tr> <td><font color="#008080" size="5" face="Arial"><strong><br> <a name="Download and installation">Download and installation</a></strong></font></td> <td align="right" valign="bottom"><font size="2" face="Arial">(<a href="#top">top</a>)</font></td> </tr> </table> <p><font face="Arial">Before download and installation you should:</font> <ul> <li><font face="Arial"><a href="http://www.activestate.com/">Download and install Perl</a>.</font></li> <li><font face="Arial">Download  <a href="http://www.ibt.ku.dk/jesper/NetViewX/">NetViewX</a> and <a href="http://www.ibt.ku.dk/jesper/ELDump/">elDump</a> and preferable put them in a directory which are in your path.</font></li> </ul> <p><a href="http://www.ibt.ku.dk/jesper/cgi/download.pl?File=WsSes/WsSes"><font face="Arial">Download current version of WsSes.</font></a></p> <p>The WsSes tool is distributed as a zip file containing WsSes.bat (the tool) and WsSes.htm (this page). If NetViewX and elDump is not in your path you must edit WsSes<font face="Arial">.bat to include the absolute path to these tools. Otherwise you do not have to install the tool - simply run it from a command line.</font></p> <p><font face="Arial">You may also want to look at the other <a href="http://www.ibt.ku.dk/jesper/NTtools/" target="_top">NT tools</a> by Jesper.</font></p> <table border="0" cellpadding="0" cellspacing="0" width="100%"> <tr> <td><font color="#008080" size="5" face="Arial"><strong><br> <a name="Version history">Version history</a></strong></font></td> <td align="right" valign="bottom"><font size="2" face="Arial">(<a href="#top">top</a>)</font></td> </tr> </table> <table border="0"> <tr> <td valign="top"><strong><font face="Arial">version</font></strong></td> <td></td> </tr> <tr> <td valign="top"><font face="Arial">0.1</font></td> <td><font face="Arial">Initial release. Consider this a beta release.</font></td> </tr> </table> <hr> <p align="right"><font size="2" face="Arial"><em>last changed 20. juli 1999</em></font></p> </font>  </body>