Yesterday I discovered two new commands in Windows 7 (... and Windows XP). The first is the amazing 'whoami' command, which is widely used in Linux; its purpose is to show who the current session owner is. I was surprised when I typed 'whoami' in Windows 7 and the session owner was shown to me.
The other interesting command is LogonSession, which returns all the sessions open on the current OS. If another session (user) is open and frozen, it will appear when the LogonSession command is used, so I can see all the open sessions. If I have two CMD windows open, one as Administrator and the other as another user, these two windows are treated separately and both are shown when I use the LogonSession command.
However ... the whoami command is built in, but the LogonSession command has to be downloaded from Sysinternals at Microsoft.
c:\> logonsession /p
Logonsesions v1.21
Copyright (C) 2004-2010 Bryce Cogswell and Mark Russinovich
Sysinternals - wwww.sysinternals.com
[0] Logon session 00000000:000003e7:
User name: WORKGROUP\AV-PC$
Auth package: NTLM
Logon type: (none)
Session: 0
Sid: S-1-5-18
Logon time: 11/07/2012 09:38:53
Logon server:
DNS Domain:
UPN:
280: smss.exe
356: csrss.exe
392: wininit.exe
404: csrss.exe
432: winlogon.exe
492: services.exe
500: lsass.exe
508: lsm.exe
616: svchost.exe
672: VBoxService.exe
864: svchost.exe
912: svchost.exe
1308: spoolsv.exe
1172: SearchIndexer.exe
2920: svchost.exe
[1] Logon session 00000000:000060a1:
User name:
Auth package: NTLM
Logon type: (none)
Session: 0
Sid: (none)
Logon time: 11/07/2012 09:38:53
Logon server:
DNS Domain:
UPN:
[2] Logon session 00000000:000003e4:
User name: WORKGROUP\AV-PC$
Auth package: Negotiate
Logon type: Service
Session: 0
Sid: S-1-5-20
Logon time: 11/07/2012 09:38:55
Logon server:
DNS Domain:
UPN:
724: svchost.exe
1184: svchost.exe
1832: svchost.exe
1788: sppsvc.exe
2976: wmpnetwk.exe
2512: WmiPrvSE.exe
[3] Logon session 00000000:000003e5:
User name: NT AUTHORITY\LOCAL SERVICE
Auth package: Negotiate
Logon type: Service
Session: 0
Sid: S-1-5-19
Logon time: 11/07/2012 09:38:55
Logon server:
DNS Domain:
UPN:
820: svchost.exe
1096: svchost.exe
1344: svchost.exe
1444: svchost.exe
[4] Logon session 00000000:0001431e:
User name: NT AUTHORITY\ANONYMOUS LOGON
Auth package: NTLM
Logon type: Network
Session: 0
Sid: S-1-5-7
Logon time: 11/07/2012 09:38:59
Logon server:
DNS Domain:
UPN:
[5] Logon session 00000000:0001c457:
User name: AV-PC\AV
Auth package: NTLM
Logon type: Interactive
Session: 1
Sid: S-1-5-21-1374473137-781671793-3807514444-1000
Logon time: 11/07/2012 09:39:10
Logon server: AV-PC
DNS Domain:
UPN:
2528: dllhost.exe
2756: cmd.exe
2764: conhost.exe
2616: logonsessions.exe
[6] Logon session 00000000:0001c487:
User name: AV-PC\AV
Auth package: NTLM
Logon type: Interactive
Session: 1
Sid: S-1-5-21-1374473137-781671793-3807514444-1000
Logon time: 11/07/2012 09:39:10
Logon server: AV-PC
DNS Domain:
UPN:
600: taskhost.exe
188: dwm.exe
1128: explorer.exe
1960: VBoxTray.exe
1944: cfp.exe
3352: cmd.exe
3360: conhost.exe
c:\> whoami
my-homepc\mozart
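An added example, not part of the original post and not Sysinternals code: a small Python parser for the `logonsession /p` text format shown above, which groups the listed processes by interactively logged-on user. SAMPLE is a trimmed excerpt of the post's own output; the function names are illustrative.

```python
import re

# Trimmed excerpt of the output shown in the post (some fields and sessions omitted).
SAMPLE = """\
[0] Logon session 00000000:000003e7:
User name: WORKGROUP\\AV-PC$
Logon type: (none)
Sid: S-1-5-18
500: lsass.exe
[5] Logon session 00000000:0001c457:
User name: AV-PC\\AV
Logon type: Interactive
Logon time: 11/07/2012 09:39:10
2756: cmd.exe
[6] Logon session 00000000:0001c487:
User name: AV-PC\\AV
Logon type: Interactive
Logon time: 11/07/2012 09:39:10
1128: explorer.exe
3352: cmd.exe
"""

HEADER = re.compile(r"^\[(\d+)\] Logon session ([0-9a-f]{8}:[0-9a-f]{8}):", re.I)
PROCESS = re.compile(r"^(\d+): (\S.*)$")           # "<pid>: <image name>"
FIELD = re.compile(r"^([A-Za-z ]+):\s*(.*)$")      # "<label>: <value, may be empty>"

def parse_sessions(text):
    """Return one dict per logon session: id, labelled fields, (pid, image) list."""
    sessions = []
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            sessions.append({"id": m.group(2), "fields": {}, "processes": []})
        elif not sessions:
            continue  # banner lines printed before the first session
        elif m := PROCESS.match(line):
            sessions[-1]["processes"].append((int(m.group(1)), m.group(2)))
        elif m := FIELD.match(line):
            sessions[-1]["fields"][m.group(1)] = m.group(2)
    return sessions

def interactive_by_user(sessions):
    """Map each interactively logged-on user to the processes in their sessions."""
    result = {}
    for s in sessions:
        if s["fields"].get("Logon type") == "Interactive":
            user = s["fields"].get("User name", "")
            result.setdefault(user, []).extend(s["processes"])
    return result
```
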