Windows 10: Find Who is Logged in

By Mitch Bartlett 17 Comments

If you’re wondering how to find out who is currently logged into a Microsoft Windows 10 computer, there are several ways to proceed. Here are a few common methods you can use from a remote computer or logged into the local computer you are querying.

WhoAmI Command

The “whoami” command displays the user you are currently logged in and using in Windows.

1. Hold down the Windows Key, and press “R” to bring up the Run window.
2. Type “CMD“, then press “Enter” to open a command prompt.
3. At the command prompt, type the following then press “Enter“:
   whoami
4. The computer name or domain followed by the username is displayed.

Query User Command

This command allows you to see all users currently logged into the computer.

Locally

1. Hold down the Windows Key, and press “R” to bring up the Run window.
2. Type “CMD“, then press “Enter” to open a command prompt.
3. At the command prompt, type the following then press “Enter“:
   query user
4. The computer name or domain followed by the username is displayed.

Remotely

1. Hold down the Windows Key, and press “R” to bring up the Run window.
2. Type “CMD“, then press “Enter” to open a command prompt.
3. At the command prompt, type the following then press “Enter“:
   query user /server:computername
   Replace “computername” with the actual computer name of the system you are querying.
   
4. The computer name or domain followed by the username is displayed.

Task Manager

1. Right-click the taskbar, then select “Task Manager“.
2. Select the “Users” tab.
3. Details on the users logged into the machine are displayed.

1. Hold down the Windows Key, and press “R” to bring up the Run window.
2. Type “CMD“, then press “Enter” to open a command prompt.
3. At the command prompt, type the following then press “Enter“:
   WMIC /NODE:»computername» COMPUTERSYSTEM GET USERNAME
   Replace “computername” with the actual computer name of the system you are querying. You can also replace “computername” with the IP address of the system.
   WMIC /NODE:192.168.1.1 COMPUTERSYSTEM GET USERNAME

You Might Also Like

Filed Under: Windows Tagged With: Windows 10

Getting user name/password of the logged in user in Windows

Is there any API to get the currently logged in user’s name and password in Windows?

Thank you in advance.

10 Answers 10

Password: No, this is not retained for security reasons — it’s used, then discarded. You could retrieve the encrypted password for this user from the registry, given sufficient privileges, then decrypt it using something like rainbow tables, but that’s extremely resource intensive and time consuming using current methods. Much better to prompt the user.

Alternatively, if you want to implement some sort of ‘single signon’ system as Novell does, you should do it via either a GINA (pre-Vista) or a Credential Provider (Vista), which will result in your code being given the username and password at login, the only time at which the password is available.

For username, getting the current username (the one who is running your code) is easy: the GetUserName function in AdvApi32.dll does exactly this for you.

If you’re running as a service, you need to remember there is no one «logged in user»: there are several at any time, such as LocalSystem, NetworkService, SYSTEM and other accounts, in addition to any actual people. This article provides some sample code and documentation for doing that.

For the many commenters who believe it is not possible to reveal the password of the currently logged-in user, see Dump cleartext passwords of logged in user(s) which shows how to use mimikatz to do just that:

I’d consider it a huge security flaw if that were possible!

You can’t get the password of a user since its encrypted (not to mention that its a standard practice not to store passwords in plaintext).

For getting the username, you can use GetUserName or NPGetUser

Note sure how it is done, but «Network Password Recovery» tool from http://www.nirsoft.net/utils/network_password_recovery.html seems to get the password from some cache.

GetUserName will get you the name, but the password you can’t get. It’s not even something Windows stores, AFAIK — only a hash of your password.

Depending on what you’re trying to achieve (you can tell us a bit more..) it’s possible to impersonate a logged on user and do stuff on his/her behalf.

Full details of Authentication in the Windows API can be found on MSDN: http://msdn.microsoft.com/en-us/library/aa374735(VS.85).aspx

I don’t know about the windows login password. but you can definitely pull plaintext passwords from the Credentials Manager. For example here is a program to pull the password for TFS. In most cases, this is the same as the Windows Login.

I compiled this as «console» app under vs 2015 with Nuget package TeamFoundation ExtendedClient.

You can get the user name with GetUserName(), but you cannot get the password; this would violate security for dummies 101.

re «Network Password Recovery» tool
Windows (upto XP) stores a copy of the passwd with a simpler easy to break encryption — for connecting to older style lanmanager network shares. The tools generaly try all possible passwords against this, using rainbow tables (precaluted encrypted versions of dictionary words) speeds this up.

In XPsp2/3 Vista this feature is removed. The new encryption is much harder to crack and needs many hours to try all possible values, there are online services that will run it on large number of machines to give you a quick answer for a price.

To answer the original poster — you do not generally store the password and compare it with what the user typd in. You encrypt (actually hash) the entered password and store that. To check a password you perform the same encryption on whatever the user enetered and compare that. It is generally impossible to go from the encrypted form back to the real password.

EDIT I suspect you are asking the wrong question here — why do you want the password, what are you trying to verify and when?

Find logged in user windows

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Answered by:

Question

Is there an easy way to find out which computer a domain user is logging onto? It shows in Event viewer but it takes a lot of time. Windows 2003 Server.

Answers

you can proceed like that:

• Create a Share on a Server and give right NTFS and Share permissions
• Create a Batch file in which you put this script: echo user: %username% computer: %computername% date: %date% > \\Server\Share\info.txt
• Use group policies to apply this Batch file as a logon script

At the end you will get in the text file info.txt:

• The user name
• The used computer
• The date of logon

This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified IT Professional: Enterprise Administrator

PsLoggedOn tool can be used to find current logged on user to which computer.

Regards

Disclaimer : This posting is provided AS-IS with no warranties or guarantees and confers no rights.

use some scripts as provided already from Richard Mueller:

Best regards Meinolf Weber Disclaimer: This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Other than PsLoggedOn, this is not easy. AD does not track which user is logged into which computer. You can find which user is logged into a specified computer with a script that connects to the computer, but to find which computer is used by a specific user requires a search of all available computers. Another solution would be a logon script that logs the user and computer names to a shared log file. The command suggested by Mr X could be used. Then you could search the shared log file for the last entry for the user. Or, I have example logon and logoff scripts linked here that log similar information:

There is also a program linked on the page, ParseLogons.vbs, that reads the result log file and parses the logon and logoff events for user sessions. This will tell you if the user is still logged on (if the last event for the user is a logon). A VBScript program that reports who is logged into a specific computer could be as below:

Dim colProperties, strNameOfUser, strUserDomain

‘ Specify or prompt for remote computer.
strComputer = «WST0123»

Set objWMIService = GetObject(«winmgmts:» _
& «!\\» _
& strComputer & «\root\cimv2»)
Set colProcesses = objWMIService.ExecQuery _
(«SELECT * FROM Win32_Process WHERE Name = ‘explorer.exe'»)
For Each objProcess In colProcesses
colProperties = objProcess.GetOwner(strNameOfUser, strUserDomain)
Wscript.Echo «Owner of Explorer.exe on » & strComputer _
& » is » & strUserDomain & «\» & strNameOfUser
Next

This could be modified to retrieve all computers in the domain (using ADO to retrieve all of the names from AD), ping each to see if it is available, then contact each with code similar to above to see if the specified user is logged on. PsLoggedOn does the same, but would be easier to use.

How do I get the currently loggedin Windows account from an ASP.NET page?

I have an ASP.NET 3.5 application that uses ASP.NET forms authentication. I want to be able to get the Windows user name currently logged into the computer (NOT logged into the ASP.NET application, but into Windows) when data is edited in a page.

If I use Context.User.Identity.Name.Tostring() , I get the user name logged into the ASP.NET application, but I need the Windows account name.

Also, it only works when I run the website from Visual Studio, but after deploying to IIS it returns NT AUTHORITY\SYSTEM.

8 Answers 8

You have to set authentication mode to Windows in your configuration & also disable anonymous users in authorization tag.

To get the currently logged in user to a Windows account you have to use Windows authentication instead of Forms authentication :

System.Security.Principal.WindowsIdentity.GetCurrent().Name.Tostring() also only works when i run the website from visual studio but after deploying to IIS it returns NT AUTHORITY\SYSTEM

It shows the application current user. When you host your application on the Visual Studio web server it uses your local account. However, when you will log in to the web application with different credentials it will always show your current Windows login.

An application deployed to IIS uses the NT AUTHORITY\SYSTEM account in your case.

To get the currently logged-in user to Windows in C#, use:

I struggled and struggled and struggled with this. One of the things is that I don’t have access to IIS, that is locked down, so I couldn’t change any of the server settings. I had to go with what I was capable of doing in code. When I researched it, many of the replies said, «set up IIS like this». . .well, that’s great when you have access to IIS, but I didn’t — I had to work with what I could do in code. So, I ended up handling it like this:

In my web config file, I added the following lines of code within the section:

Then, it returned an error on my local, which I had to go in and fix. I went to the applicationhost.config file located in the following path on my machine (yours might be different):

C:\users\»your user name»\My Documents\»yourIISInstallation»\config\applicationhost.config

and I changed the following settings to «allow», which had been set to «deny»: