The WsSes command will list logon/logoff sessions from one or more workstations. WsSes reads the Security Event Logs on all domain controllers to get the session information. For this to work you must have enabled audit of Logon and Logoff at the Domain Controller (you do that in the User Manager for Domains at the Policies, Audit menu). Also, when running the WsSes command you must have the SE_SECURITY_NAME User Right (you will normally have this User Right if you run as Administrator).
For each session WsSes will print: date of logon, time of logon, date of logoff, time of logoff, user id and workstation name. Note that WsSes will have to read through the Security Event Logs on all the Domain Controllers. If these logs are large WsSes can take quite a while to execute.
WsSes is a Perl program which internally uses the NetViewX and elDump commands. It is written by Jesper Lauritsen and is in the Public Domain.
WsSes takes the following arguments:
|\\workstation||Name of workstation to list sessions for. You can specify one or more workstations.|
|-D domain||Domain to list sessions for. Default is the current domain.|
|-S [dir]||Also look in event logs saved with elSavClr (see the documentation for elDump -S).|
|-a time||Only list sessions after this time [YY]YYMMDD[HH[MM[SS]]].|
|-A days||Only list sessions in the last specified number of days.|
|-b time||Only list sessions before this time [YY]YYMMDD[HH[MM[SS]]].|
|-B days||Only list sessions before the specified number of days.|
|-s seconds||Do not list sessions shorter than the specified number of seconds. Clients not running Windows NT often makes some short spurious sessions when connecting. Default is not to list sessions shorter than 30 seconds.|
|-m||Do not merge overlapping sessions to same workstation. Often clients will have more than one concurrent session, and some times they will end a session and then start a new one right away. Default is to merge such sessions to one session in the list.|
|-i||Also list the session id. The session id will also identify the Domain Controller which validated the logon.|
|-v||Print some trace info to standard error.|
List sessions from workstation bill:
List all sessions from workstation bill:
wsses \\bill -s0 -m
List session from the last 24 hours in domain mydom from workstation jeff:
wsses \\jeff -D mydom -A 1
Download and installation
Before download and installation you should:
Download current version of WsSes.
The WsSes tool is distributed as a zip file containing WsSes.bat (the tool) and WsSes.htm (this page). If NetViewX and elDump is not in your path you must edit WsSes.bat to include the absolute path to these tools. Otherwise you do not have to install the tool - simply run it from a command line.
You may also want to look at the other NT tools by Jesper.
|0.1||Initial release. Consider this a beta release.|
last changed 20. juli 1999