How to See Who Is Logged into a Remote Computer? [2024]

In today's globalized society, remote access is a crucial tool for IT experts and administrators. It allows for efficient troubleshooting, software updates, and technical support – all from the comfort of your own desk.

On the other hand, this ease of use also brings the chance of someone getting into your account without permission. Malicious actors might exploit vulnerabilities in remote access protocols to gain sensitive data or wreak havoc on your systems.

This article explores various methods about how to see who is logged into a remote computer. By implementing these techniques, you can maintain control over remote access and ensure the security of your network.

So, keep reading till the end of this technical how-to guide. Happy learning!

Maintaining Control: Different Ways to See Who Is Logged into a Remote Computer

Here's a comprehensive toolbox of methods to see who is remotely logged into a computer:

Method 1: Use Command Prompt or PowerShell

To see who is logged into a remote computer, you can use the "Command Prompt" or "PowerShell" tools.

Step 1: Open the "Run" box by pressing the "Windows + R" keys. Type "cmd" or "PowerShell" and press "Enter."

Step 2: The Command Prompt / PowerShell window will appear. Enter one of the commands below and press "Enter," replacing RemoteComputerName with the name of your remote computer.

quser /server:RemoteComputerName

query user /server:RemoteComputerName

Query information from multiple computers:

quser /server:computer1 & quser /server:computer2 & quser /server:computer3

Step 3: Once you execute the command, the terminal will show you the name of the user who is currently using the remote computer.

You can also use the Get-CimInstance cmdlet in PowerShell to check if someone is using a computer on the network (Equivalent to Get-WmiObject. But starting in PowerShell 3.0, this cmdlet has been superseded by Get-CimInstance.):

Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $computername | Select -ExpandProperty username

Method 2: Use Windows Sysinternals Tool

The Sysinternals Suite is a set of tools used for troubleshooting. To manually install the Sysinternals Suite on Windows 10, you can follow these steps:

Step 1: Download the Sysinternals Suite from the official Microsoft Sysinternals Suite page.

Step 2: Once downloaded, extract the contents of the zip file to a folder of your choice on your Windows 10 system.

Step 3: Install using PowerShell (If you prefer to use PowerShell, you can install the Sysinternals Suite with the following command.)

winget install sysinternals --accept-package-agreements

Step 4: Follow the instructions and wait for a few minutes. The Sysinternals Suite will be successfully installed on your Windows computer.

If you have this suite installed on your computer, you can use the "PsLoggedOn" command [ PsLoggedOn \\RemoteComputerName ] through PowerShell or Command Prompt. Here's how:

Step 1: Launch "Command Prompt" or "PowerShell."

Step 2: Once the screen appears, paste the following command. Instead of RemoteComputerName, enter the actual name of the remote system.

PsLoggedOn \\RemoteComputerName

Step 3: The names of the logged-in users on the remote system will now be displayed.

Method 3: Use NBTSTAT Command

To see who is logged into a remote computer using the NBTSTAT command, you can follow these steps:

Step 1: Open the Command Prompt by pressing Windows + R, typing "cmd," and pressing "Enter."

Step 2: Type the following command and replace RemoteComputerName with the NetBIOS name of the remote computer you want to check:

nbtstat -a RemoteComputerName

nbtstat -A IP Address (If you only know the IP address)

Step 3: Press "Enter." The command will display the NetBIOS name table of the remote computer, which includes the names of logged-in users.

However, this method has limitations for identifying active users specifically for remote access. Here's why:

NBTSTAT primarily focuses on NetBIOS names, a legacy name resolution protocol that predates Active Directory and may not always reflect current usernames.

It only shows usernames for shared resources on the remote machine. If a user is logged in but hasn't accessed any shared resources, NBTSTAT won't pick them up.

Therefore, while NBTSTAT can provide some information about network devices, it shouldn't be solely relied upon to identify active remote users. Consider it as a supplementary tool along with other methods mentioned in this article.

Method 4: Use Event Viewer

Event Viewer offers a window into system security events, providing valuable legal data for auditing purposes. To identify successful login attempts, follow these steps:

Step 1: Open Event Viewer (search for it in the Start menu or taskbar search).

Step 2: Then, navigate through the tree structure on the left panel to Windows Logs > Security.

Step 3: Next, look for events with Event ID 4624. This specific event message indicates "An account was successfully logged on."

By reviewing the details of these events, you can collect valuable information about the user who logged in, including their username, domain (if applicable), and the workstation used to access the remote machine.

This information can be crucial for identifying unauthorized access or investigating suspicious activity. However, it is worth noting that this function is avaibale only if you have admin right to the windows computer or windows server.

In addition, if you do not enable logon auditing, Windows will not log information such as these logon events and usernames to the security log. To enable logon auditing, please view the following steps:

Step 1: Type "gpedit.msc" in the start menu or search box to open the Local Group Policy Editor.

Step 2: In the left pane, go to "Local Computer Policy" > "Computer Configuration" > "Windows Settings" > "Security Settings" > "Local Policies" > "Audit Policy. " In the right pane, double-click to open the "Audit logon events" setting.

Step 3: Open the Properties window and check the "Success" and "Failure" options to enable Windows to record successful or failed login attempts. Then click the "OK" button.

Method 5: Use Task Manager

While Task Manager might not always provide a clear distinction between local and remote users, it can be a useful tool for quick checks on a local machine that also supports remote access functionality. Here's how to use it:

Step 1: Firstly, right-click on the taskbar and select "Task Manager." Or you can use the Ctrl + Shift + Esc key combination to open Task Manager.

Step 2: After that, look for a dedicated "Users" tab (availability depends on the Windows version) and then click on the "Users" tab. If present, this tab displays a list of users currently logged in locally, including those logged in remotely to the same machine.

Method 6: Use Remote Desktop Services Manager

For systems configured as Remote Desktop Session Hosts (RDSH) in Windows Server, use the Remote Desktop Services Manager tool to manage and monitor remote desktop sessions.

To open "Remote Desktop Services Manager" through Microsoft Management Console, follow these steps:

Step 1: Open the Run window, type "mmc," and press "Enter." Next, a new pop (regarding the Microsoft Management Console) will come, and click on the "Yes" option.

Step 2: Go to the File menu, and select "Add/Remove Snap-in."

Step 3: Under "Available snap-ins," choose "Remote Desktop Services Manager," then click "Add."

Step 4: In the "Select Computer" dialog box, decide if you want to connect to the local computer or another one. If selecting "Another Computer," either enter the computer name or use "Browse" to find it. Click "OK."

Step 5: In the "Add or Remove Snap-ins" dialog box, click "OK."

Therefore, you can easily use this command to see who is logged into a remote computer.

After entering into the "Remote Desktop Services Manager" interface, simply click on the "Users" tab to see all details about the users.

In the same way, you can also see all the active remote desktop sessions including usernames, session IDs, connection details, etc by clicking on the "Sessions" tab.

Tips: Bolstering Your Remote Access Defenses

Maintaining control over remote access goes beyond identifying users. Now, consider the following additional security measures. Let’s get started!

Enforce Strong Passwords

Implement complex passwords for all remote access accounts and enforce regular password changes. Don't use passwords that are easy to guess or weak.

Enable Multi-Factor Authentication (MFA)

Add an extra layer of security with MFA, requiring a secondary verification method like a code from your phone or security token. This significantly increases the difficulty for unauthorized users to gain access, even if they manage to steal a password.

Limit Remote Access Users

Restrict remote access permissions to authorized personnel who genuinely require it for their work. Avoid granting broad access privileges unless absolutely necessary. The principle of least privilege dictates that users should only have the access level required to perform their designated tasks.

Utilize VPNs

Consider using a virtual private network (VPN) to create a secure tunnel for remote access, encrypting data transmission. VPNs add an extra layer of security by ensuring that data travels through an encrypted channel, even over public networks.

Monitor Login Attempts

Implement tools to monitor login attempts, allowing you to detect and potentially block suspicious activity. These tools can raise red flags for unusual login attempts, such as attempts from unexpected locations or at odd hours. By monitoring these attempts, you can take proactive measures to investigate and potentially block unauthorized access.

Through combining these mentioned methods with robust security practices, you can ensure that only authorized users gain access to your remote computers, safeguarding your valuable information and systems.

Final Thoughts

In a nutshell, to maintain visibility into who's accessing your PC or see who is logged into a remote computer is crucial for ensuring the security of your network.

By leveraging the methods outlined in this article, you can effectively identify remote users and implement additional security measures to create a robust defense against unauthorized access.

Remember, vigilance and proactive security measures are also essential for protecting your valuable data and systems in today's ever-evolving threat landscape.