Is there a way to show who is currently logged into a Windows server? Right now I have it set up to get alerts when a user logs on, but am looking for a realtime display of who is logged in.
Solved! Go to Solution.
As you are aware and are probably already using the Windows events within Prognosis to monitor for the key login events.
"Windows Security Log Event ID 4624 which you can tie this event to logoff events 4634 and 4647 using Logon ID.. though I realize you are probably looking for the current users logged on.
The easiest way is to create a display using NTProcess, only include the field "username" and maybe "Busy %" and then do a Combine over the "Username" field and only show combined data. This will give you a list of all users logged in and running processes.. as if they are logged in they will be running 'something'.
Then you can filter out your service accounts for MSSQL, NTAUTHORITY, etc to get your users, usually the non-service accounts jump out like a sore thumb and you can flag them as such using a visual alert.
Thank you Christopher. This is extremely helpful. Is there a way to have it say what server the user is logged into without doing separate displays per server? I'm trying to monitor 5 servers in one display.
Yes, super easy, have the node be "Entire Network" or the Nodegroup you desire.
Then display the meta ".Nodename" in the display.