Finding Logged-On Users¶
Individual Workstation¶
Lists interactive, service, and batch logons (service/batch entries can persist after a user logs off due to impersonation).
Enumerate users on an individual workstation - PowerView.ps1
Get-NetLoggedon -ComputerName <workstation name>
Note: remote queries often require administrative rights on newer Windows OSes.
Domain-Wide Enumeration¶
Enumerate sessions established on a server (not necessarily interactive logons on the client).
May require admin privileges depending on info level / configuration (levels 1/2 require local Administrators or Server Operators).
Use against file servers and domain controllers