We have an XP machine which runs scheduled tasks early in the morning and unfortunately has to be logged into the desktop of a certain user for that to work. Unfortunately, that user sometimes gets logged out—either from an administrator logging in (and forgetting to log back in the correct user), or from it being restarted to apply security updates, etc.
I'd like to have Nagios monitor the currently logged in user, to confirm it's the right one. Nagios is running on Linux.
So far, I've looked for an SNMP variable with the current user; I've had no luck. I tried snmpbulkwalk -m all -v2c -c community machine and grep'd it for the user name, and also did a before login & after login, and checked the diff, and found nothing useful.
I checked the net command (from Samba), but I don't see anything there—though I admit it's possible I missed something. The various session options seem to only display the net session (even when I use my domain admin account).
%WINDIR%\System32\dllcache\query.exe session will give you a list of all the currently logged on users on WinXP. For some reason, query.exe was not in my path environment variable on my WinXP test machine so that is why I specified the entire path.
If you need something that is capable of getting this information remotely over RPC/DCOM, then check out a couple of things I wrote:
http://myotherpcisacloud.com/post/2013/01/16/Usersexe-v1003.aspx
http://www.myotherpcisacloud.com/post/2013/01/13/Getting-RDP-Sessions-with-Client-Computer-Name.aspx
By the way, you need to get off of XP ASAP. It's very old.
Edit: OK, I am going to give you another alternative since none of this has helped you yet. You want to query this WinXP machine over the network using your Linux machine. You want to use WMI. You have found a WMI client for Linux. So far so good.
This will get you currently logged on users of a local or remote machine through WMI WQL queries. I wrote this in PowerShell. Sorry, I won't (read: can't) convert it to Perl or Bash for you, but the concept is still the same as long as you can do WQL queries:
LogonTypes of 2 and 10 cover both local and remote interactive sessions, but not service logons, network logons, or batch logons.
Yes, you do need permissions to access the WinXP machine. It's not just going to cough up all this data for an anonymous network process. The local groups on WinXP are not very granular, because WinXP is very old, and its security is far inferior to that of modern versions of Windows... my point being that putting your network monitoring user in the local Admins group of the WinXP machine may be your best option. But I commend you if you still want to go with the principle of least privilege, in which case, you can use the WMI Control Console, wmimgmt.msc, and set the permissions to exactly whatever account you want to assign the permissions to.
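The WQL approach described in the answer above, written out as an added example; it is not the answerer's original script. It runs from a Windows host with Windows PowerShell (Get-WmiObject), and the parameter names, the example account name and the Nagios-style exit codes are assumptions made for illustration.

```powershell
# Added example (not from the original post): check that an expected user holds an
# interactive logon session on a remote machine, using the WQL queries described above.
# $ComputerName, $ExpectedUser and $Credential are hypothetical parameter names.
param(
    [Parameter(Mandatory = $true)][string]$ComputerName,
    [Parameter(Mandatory = $true)][string]$ExpectedUser,   # e.g. 'EXAMPLEDOM\taskuser' (constructed)
    [System.Management.Automation.PSCredential]$Credential
)

# Common arguments for every WMI call; -ErrorAction Stop turns failures into exceptions
$wmi = @{ ComputerName = $ComputerName; ErrorAction = 'Stop' }
if ($Credential) { $wmi.Credential = $Credential }

try {
    # LogonType 2 = interactive (console), 10 = remote interactive (RDP)
    $sessionQuery = "SELECT LogonId, LogonType FROM Win32_LogonSession " +
                    "WHERE LogonType = 2 OR LogonType = 10"
    $sessions = @(Get-WmiObject @wmi -Query $sessionQuery)

    $users = foreach ($s in $sessions) {
        # Win32_LoggedOnUser links each logon session (Dependent) to its account (Antecedent)
        $assocQuery = "ASSOCIATORS OF {Win32_LogonSession.LogonId='$($s.LogonId)'} " +
                      "WHERE AssocClass=Win32_LoggedOnUser Role=Dependent"
        Get-WmiObject @wmi -Query $assocQuery |
            ForEach-Object { "$($_.Domain)\$($_.Name)" }
    }
    $users = @($users | Sort-Object -Unique)
}
catch {
    # Access denied, RPC unavailable, etc.: report UNKNOWN rather than a false CRITICAL
    Write-Output "UNKNOWN - WMI query failed: $($_.Exception.Message)"
    exit 3
}

if ($users -contains $ExpectedUser) {   # -contains compares strings case-insensitively
    Write-Output "OK - $ExpectedUser is logged on to $ComputerName"
    exit 0
}

$seen = if ($users.Count) { $users -join ', ' } else { 'nobody' }
Write-Output "CRITICAL - $ExpectedUser not logged on to $ComputerName (found: $seen)"
exit 2
```

Win32_LogonSession can keep listing a session after the user has logged off while something still holds its token, so an OK result is worth cross-checking against `query.exe session` when the two disagree.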
Thanks to @Ryan Ries, here is the actual Perl script I'm using. Hopefully it proves useful to someone else. It appears to be working, please feel free to report any bugs. I'll try to remember to update this if I find any.
Also, I couldn't find any way to make this work on XP other than putting the monitoring user in Administrators. I think that's the only way to do it on XP.
Changelog