Training
Modul
使用 Windows PowerShell 会话管理与远程计算机的持久连接 - Training
本模块介绍如何建立和管理与远程计算机(称为 Windows PowerShell 会话或 PSSessions)的持久连接。
LogonSessions v1.41
By Mark Russinovich
Published: November 25, 2020
Download LogonSessions (667 KB)
If you think that when you logon to a system there's only one active logon session, this utility will surprise you. It lists the currently active logon sessions and, if you specify the -p option, the processes running in each session.
Usage: logonsessions [-c[t]] [-p]
| Parameter | Description |
|---|---|
| -c | Print output as CSV. |
| -ct | Print output as tab-delimited values. |
| -p | List processes running in logon session. |
Shell
C:\>logonsessions -p
[13] Logon session 00000000:6a6d6160:
User name: NTDEV\markruss
Auth package: Kerberos
Logon type: RemoteInteractive
Session: 1
Sid: S-1-5-21-397955417-626881126-188441444-3615555
Logon time: 7/2/2015 6:05:31 PM
Logon server: NTDEV-99
DNS Domain: NTDEV.CORP.MICROSOFT.COM
UPN: markruss@ntdev.microsoft.com
15368: ProcExp.exe
17528: ProcExp64.exe
13116: cmd.exe
17100: conhost.exe
6716: logonsessions.exe
Download LogonSessions (667 KB)
Runs on:
- Client: Windows Vista (32-bit)and higher
- Server: Windows Server 2008 and higher
- Nano Server: 2016 and higher
Zousätzlech Ressourcen
Dokumentatioun
-
转储事件日志记录。
-
RootkitRevealer - Sysinternals
扫描系统中基于 rootkit 的恶意软件。
-
Sysinternals 安全实用程序 - Sysinternals
Windows Sysinternals 安全实用程序