If you are working in a corporate environment in an IT department then this post will definitely help you. In this article, we’ll show how to get the list of current logon sessions on any Windows machine or server. The LogonSessions tool helps you to get the current active logon session as well as all processes running in each session using the command prompt. This utility comes in a lightweight package, you no need to install this tool, you directly run it using a command prompt. Also, you can run this tool from the USB drive also. This utility not only captures the logon information, but it also captures all types of Windows Authentication. Here are some of the examples of windows authentications.
- Via an interactive user logon at a console or remote desktop dialog box
- Through network authentication to a file share or a Web application
- By the service control manager using saved credentials to start a service
- Via the Secondary Logon service using Runas.exe
- Simply “asserted” by the operating system, as is done with the System account and for NT AUTHORITY\ANONYMOUS LOGON.
You can capture these types of logon sessions and the process running on each session using this LogonSession tool.
List out Current Logon Sessions in Windows:
Download the Logon Session tool from the link.
Next, extract the zip file and open the folder, Now you can see three logonsession tools.
Logonsessions –>32-bit
Logonsessions64 –> 64-bit
LogonsessionsA –> AMD processor
Copy the respective tool that matches your system processer and paste it in the C drive.
Now open the Command prompt in elevated mode and navigate to C drive, by typing CD\.
Now type logonsessions and hit enter. This command will list out all running session on your computer.
This will give the following details of the sessions.
- LUID
- User name
- Auth package
- Logon type
- Session
- Sid
- Logon time
- Logon server
- DNS Domain
- UPN
You can also use the following three commands to get the detailed information.
Parameter | Description |
-c | Print output as CSV. |
-ct | Print output as tab-delimited values. |
-p | List processes running in logon session. |
Click on the link to know more about the Logon session.
Read: Add or Remove Credentials in Credential Manager using cmd