If you think that when you logon to a system there’s only one active logon session, this utility will surprise you. It lists the currently active logon sessions and, if you specify the -p option, the processes running in each session.
Result Below :
C:Documents and SettingsAdministratorDesktop>logonsessions.exe
Logonsesions v1.1
Copyright (C) 2004 Bryce Cogswell and Mark Russinovich
Sysinternals – wwww.sysinternals.com[0] Logon session 00000000:000003e7:
User name: WORKGROUPHOMER$
Auth package: NTLM
Logon type: (none)
Session: 0
Sid: S-1-5-18
Logon time: 12/12/2009 3:47:26 PM
Logon server:
DNS Domain:
UPN:[1] Logon session 00000000:0000e5c6:
User name:
Auth package: NTLM
Logon type: (none)
Session: 0
Sid: (none)
Logon time: 12/12/2009 3:47:26 PM
Logon server:
DNS Domain:
UPN:[2] Logon session 00000000:000003e4:
User name: NT AUTHORITYNETWORK SERVICE
Auth package: Negotiate
Logon type: Service
Session: 0
Sid: S-1-5-20
Logon time: 12/12/2009 3:47:27 PM
Logon server:
DNS Domain:
UPN:[3] Logon session 00000000:000003e5:
User name: NT AUTHORITYLOCAL SERVICE
Auth package: Negotiate
Logon type: Service
Session: 0
Sid: S-1-5-19
Logon time: 12/12/2009 3:47:28 PM
Logon server:
DNS Domain:
UPN:[4] Logon session 00000000:000115b5:
User name: HOMERAdministrator
Auth package: NTLM
Logon type: Interactive
Session: 0
Sid: S-1-5-21-1659004503-1454471165-682003330-500
Logon time: 12/12/2009 3:47:28 PM
Logon server: HOMER
DNS Domain:
UPN:[5] Logon session 00000000:00028242:
User name: NT AUTHORITYANONYMOUS LOGON
Auth package: NTLM
Logon type: Network
Session: 0
Sid: S-1-5-7
Logon time: 12/12/2009 3:47:44 PM
Logon server:
DNS Domain:
UPN:[6] Logon session 00000000:000492f4:
User name: HOMER__vmware_user__
Auth package: NTLM
Logon type: Interactive
Session: 0
Sid: S-1-5-21-1659004503-1454471165-682003330-1004
Logon time: 12/12/2009 3:48:08 PM
Logon server: HOMER
DNS Domain:
UPN: