General discussion

Locked

DHCP addresses to logon names

By echilders ·
Hi, can anyone tell me how I can see which user is using a DHCP assigned IP address in Windows 2000 networking?

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Does not work that way

by LordInfidel In reply to DHCP addresses to logon n ...

DHCP does not work at that level.

It knows nothing about usernames and passwords. The dhcp process is done long before the user logs on.

The closest bit of information you will be able to get is the machine name. (via the DHCP server) Once you know the machine name, you should be able to determine who was logging in and at what time. You do this by looking at the event logs on that machine.

Collapse -

nbtstat

by john.chilson In reply to Does not work that way

what about doing an nbtstat on the IP address? That should tell you what machine, logged on user, domain, and mac address. For one or two users it wouldn't be bad...for an entire network...OUCH. I'd write a logon script and send all the logons to an excel document, logging IP address, Username, and anything else that might seem useful.

Collapse -

Not exactly.....

by LordInfidel In reply to nbtstat

It won't tell you who is logged on interactively on that machine at the given moment.

Your best, assuming that these are 2k or Nt4 machines. Is to enable logging for log on/log off.

Then in your event logs, security, you can see who the last person to log on was.

OR..... If you want to get fancy. You can install
Rshsvc.exe on the remote machine. Which is a remote command line viewer. Then upload whoami to that machine. And then run whoami and it will tell you who is logged on to that machine.
(Brought to you by the folks at Microsoft, from the 2K resource Kit)

Collapse -

My mistake

by LordInfidel In reply to nbtstat

I thought you were saying netstat for some reason....

you are correct,

nbtstat -A <ip> will return the machine name info.
It won't return the user who is interactively logged in though.

Another tool however will:

http://www.inetcat.org/software/nbtscan.html

<again, not quite sure why I did not think about that before.... bad admin. bad>

Collapse -

And still - there is a GOD !! :)

by voldar In reply to My mistake

As I allready posted in the Q&A Topic - there is a tool - from SysInternals that you can use to see what you are looking for: psloggedon.exe
In fact there is a kit of 12 tools that can help you on your admin activity. Thank you for asking such a question, because I wanted and I found this tool to solve the problem you were asking.
NBTSTAT is a good one - but not allways solve the logged user name.

Collapse -

Again I sit corrected.....

by LordInfidel In reply to And still - there is a GO ...

Sometimes when you have *too* many tools, you forget what to use.

This is where organization comes into play, which I beleive I will start "sorting" my toolkit into logical segments.

For those of you reading and not aware of sysinternals tools. They are a must have for every admin and wanna be cracker.

I posted a sick little game I like to play with some of the tools a while ago.

http://techrepublic.com.com/5208-6230-0.html?forumID=3&threadID=129938&start=0&tag=search

very much fun that pskill is.

Back to IT Employment Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums