June 1, 2004
Download LogonSessions.zip.
You will be surprised at the number of active logon sessions on your computer.
The syntax for using LogonSessions.exe is:
LogonSessions [-p]
where -p lists the processes running in each session.
When I typed logonsessions -p on my Windows XP desktop, I received:
LogonSessions 1.0
Copyright (C) 2004 Bryce Cogswell
Sysinternals - www.sysinternals.com

[0] Logon session 00000000:000003e7:
    User name:    JSIINC\JSI009$
    Auth package: Negotiate
    Logon type:   (none)
    Session:      0
    Sid:          S-1-5-18
    Logon time:   05/28/2004 13:13:24
    Logon server:
    DNS Domain:   JSIINC.COM
    UPN:
      768: \SystemRoot\System32\smss.exe
      876: \??\C:\WINDOWS\system32\winlogon.exe
      924: C:\WINDOWS\system32\services.exe
      936: C:\WINDOWS\system32\lsass.exe
     1124: C:\WINDOWS\system32\svchost.exe
     1248: C:\WINDOWS\System32\svchost.exe
     1584: C:\WINDOWS\system32\spoolsv.exe
     1736: C:\WINDOWS\System32\cisvc.exe
     1780: C:\WINDOWS\System32\inetsrv\inetinfo.exe
     1792: C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
     1808: C:\Program Files\CA\eTrust Antivirus\InoRT.exe
     1868: C:\Program Files\CA\eTrust Antivirus\InoTask.exe
     2028: C:\Program Files\Dell\PSM\iomgr.exe
      176: C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      208: C:\WINDOWS\System32\vsvc32.exe
      704: C:\Program Files\RemotelyAnywhere\RaMaint.exe
     1220: C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
     1424: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\OWSTIMER.EXE
     1532: C:\WINDOWS\System32\svchost.exe
     1644: C:\Program Files\TapeWare\TWWINSDR.EXE
     1820: C:\Program Files\uphclean\uphclean.exe
     1596: C:\WINDOWS\System32\ups.exe
     2136: C:\Program Files\Intel\ASF Agent\ASFAgent.exe
     2364: C:\WINDOWS\System32\Fast.exe
     2376: C:\Program Files\Raxco\PerfectDisk\PDSched.exe
     2480: C:\Program Files\Dell\PSM\arcpd.exe
     2552: C:\Program Files\Dell\PSM\otify.exe
      632: C:\WINDOWS\system32\cidaemon.exe
      348: C:\WINDOWS\system32\cidaemon.exe
      604: C:\WINDOWS\System32\dllhost.exe

[1] Logon session 00000000:0000c0e9:
    User name:
    Auth package: NTLM
    Logon type:   (none)
    Session:      0
    Sid:          (none)
    Logon time:   05/28/2004 13:13:24
    Logon server:
    DNS Domain:
    UPN:

[2] Logon session 00000000:000003e4:
    User name:    NT AUTHORITY\NETWORK SERVICE
    Auth package: Negotiate
    Logon type:   Service
    Session:      0
    Sid:          S-1-5-20
    Logon time:   05/28/2004 13:13:25
    Logon server:
    DNS Domain:
    UPN:

[3] Logon session 00000000:000003e5:
    User name:    NT AUTHORITY\LOCAL SERVICE
    Auth package: Negotiate
    Logon type:   Service
    Session:      0
    Sid:          S-1-5-19
    Logon time:   05/28/2004 13:13:25
    Logon server:
    DNS Domain:
    UPN:

[4] Logon session 00000000:0000edb8:
    User name:    JSIINC\Jerry
    Auth package: Kerberos
    Logon type:   Interactive
    Session:      0
    Sid:          S-1-5-21-4941052328-421961685-9873763951-1113
    Logon time:   05/28/2004 13:13:33
    Logon server: JSI001
    DNS Domain:   JSIINC.COM
    UPN:
     3440: C:\WINDOWS\Explorer.EXE
     3520: C:\WINDOWS\System32\DSentry.exe
     3536: C:\WINDOWS\System32\taskswitch.exe
     3568: c:\windows\system32\taskmgr.exe
     3600: C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
     3608: C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
     3632: C:\PROGRA~1\CA\ETRUST~1\realmon.exe
     3644: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
     3652: C:\Program Files\RemotelyAnywhere\ragui.exe
     3664: C:\WINDOWS\system32\RUNDLL32.EXE
     3672: C:\Program Files\Messenger\msmsgs.exe
     3736: C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
     3800: C:\UTIL\CLIPPOOL.EXE
     3864: C:\WINDOWS\SYSTEM32\fastkey.exe
     4000: C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
     4072: C:\Program Files\Internet Explorer\iexplore.exe
     3308: C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
     3368: C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE
     3560: C:\Program Files\Microsoft Office\Office10\MSACCESS.EXE
     3620: C:\WebCompiler\webcompiler.exe
     3900: C:\WINDOWS\system32\ntvdm.exe
     3952: C:\WINDOWS\system32\notepad.exe
      684: C:\WINDOWS\system32\notepad.exe
     2008: C:\Program Files\American Systems\Print Screen Deluxe\prntscrn.exe
     3216: C:\AGENT\agent.exe
     2716: C:\WINDOWS\NOTEPAD.EXE
     2816: C:\WINDOWS\SYSTEM32\CMD.EXE
     3112: C:\UTIL\LogonSessions.exe

[5] Logon session 00000000:00011cd0:
    User name:    NT AUTHORITY\ANONYMOUS LOGON
    Auth package: NTLM
    Logon type:   Network
    Session:      0
    Sid:          S-1-5-7
    Logon time:   05/28/2004 13:13:34
    Logon server:
    DNS Domain:
    UPN:

[6] Logon session 00000000:0001377a:
    User name:    JSI009\Administrator
    Auth package: NTLM
    Logon type:   Batch
    Session:      0
    Sid:          S-1-5-21-6978815494-9318855973-900065691-500
    Logon time:   05/28/2004 13:13:35
    Logon server: JSI009
    DNS Domain:
    UPN:

[7] Logon session 00000000:00049a0f:
    User name:    JSI009\IUSR_JSI009
    Auth package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Logon type:   Interactive
    Session:      0
    Sid:          S-1-5-21-6978815494-9318855973-900065691-1006
    Logon time:   05/28/2004 13:14:01
    Logon server: JSI009
    DNS Domain:
    UPN:
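An added example (not part of the original tip or of the Sysinternals tool): a Python parser for saved `logonsessions -p` output that reports sessions held by accounts outside an expected baseline. The sample text, the account names, and the `unexpected_sessions` helper are constructed for illustration, and the indentation of the tool's output is an assumption.

```python
import re

# Constructed sample in the layout of `logonsessions -p` output; names and
# SIDs are made up and each session is trimmed to four fields.
SAMPLE = r"""
[0] Logon session 00000000:000003e7:
    User name:    EXAMPLE\HOST01$
    Auth package: Negotiate
    Logon type:   (none)
    Sid:          S-1-5-18
      936: C:\WINDOWS\system32\lsass.exe
[1] Logon session 00000000:0000edb8:
    User name:    EXAMPLE\alice
    Auth package: Kerberos
    Logon type:   Interactive
    Sid:          S-1-5-21-1111111111-2222222222-3333333333-1113
     3440: C:\WINDOWS\Explorer.EXE
[2] Logon session 00000000:0001377a:
    User name:    HOST01\Administrator
    Auth package: NTLM
    Logon type:   Batch
    Sid:          S-1-5-21-4444444444-5555555555-6666666666-500
"""

HEADER = re.compile(r"^\[(\d+)\] Logon session ([0-9a-fA-F]+:[0-9a-fA-F]+):")
FIELD = re.compile(r"^\s+(User name|Auth package|Logon type|Session|Sid|"
                   r"Logon time|Logon server|DNS Domain|UPN):\s*(.*)$")
PROC = re.compile(r"^\s+(\d+):\s+(.+)$")
# Well-known SYSTEM, LOCAL SERVICE, NETWORK SERVICE and ANONYMOUS LOGON SIDs,
# plus the "(none)" placeholder the tool prints when a session has no SID.
IGNORED_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20", "S-1-5-7", "(none)"}

def parse_sessions(text):
    """Return one dict per logon session, with its fields and (pid, image) list."""
    sessions = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            sessions.append({"id": m[2], "processes": []})
        elif sessions and (m := FIELD.match(line)):
            sessions[-1][m[1]] = m[2].strip()
        elif sessions and (m := PROC.match(line)):
            sessions[-1]["processes"].append((int(m[1]), m[2].strip()))
    return sessions

def unexpected_sessions(sessions, expected_users):
    """Sessions held by ordinary accounts that are not on the baseline list."""
    expected = {u.lower() for u in expected_users}
    return [s for s in sessions
            if s.get("Sid", "(none)") not in IGNORED_SIDS
            and s.get("User name", "").lower() not in expected]
```

Feed `parse_sessions` the text captured from the tool, then pass the accounts you expect on that machine to `unexpected_sessions`; anything returned is a session to account for.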