For Windows administrators needing to check active sessions remotely, the built-in query user command provides the most straightforward solution. When you receive the "Another user is currently logged on" message during RDP connection attempts, run this from an elevated command prompt:
query user /server:SERVERNAMEExample output showing two active sessions:
USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME
jsmith console 1 Active none 5/15/2023 8:32 AM
mwilson 2 Disc 3:12 5/15/2023 10:15 AMFor more flexibility, use PowerShell with the qwinsta (query session) command:
$computer = "REMOTE_PC_NAME"
qwinsta /server:$computer | Where-Object { $_ -match 'Active' }Or using WMI for structured data:
Get-WmiObject -Class Win32_LoggedOnUser -ComputerName REMOTE_PC |
Select Antecedent,Dependent | Format-ListCreate a PowerShell function to check multiple machines:
function Get-RemoteSessions {
param(
[string[]]$ComputerNames,
[pscredential]$Credential
)
$sessions = @()
foreach ($computer in $ComputerNames) {
try {
$sessionInfo = Invoke-Command -ComputerName $computer -Credential $Credential -ScriptBlock {
query user
}
$sessions += [PSCustomObject]@{
ComputerName = $computer
Sessions = $sessionInfo
}
} catch {
Write-Warning "Failed to query $computer : $_"
}
}
return $sessions
}To reset stale sessions remotely:
logoff SESSION_ID /server:SERVERNAMEOr through PowerShell:
Reset-RDSession -HostServer SERVERNAME -SessionID SESSION_ID -ForceRemember these critical points when checking remote sessions:
- Always use encrypted connections (RDP over SSL/SSH tunnel)
- Audit session query activities in your security logs
- Configure proper firewall rules to limit RPC/WMI access
- Consider implementing Just-In-Time admin access
When administering Windows 7 or Vista machines remotely, you'll often encounter the vague "Another user is currently logged on" message during RDP connections. As a domain admin, you need precise session information before taking any disruptive actions.
The most straightforward method uses the built-in query session command:
query session /server:SERVER_NAMESample output:
SESSIONNAME USERNAME ID STATE TYPE DEVICE
console jsmith 2 Active
rdp-tcp 65536 ListenFor scripting scenarios, use this PowerShell snippet to get comprehensive session data:
$computer = "REMOTE_PC_NAME"
$sessions = Get-WmiObject -Class Win32_LogonSession -ComputerName $computer
$logonUsers = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $computer | Select-Object -ExpandProperty UserName
foreach ($session in $sessions) {
$user = (Get-WmiObject -Class Win32_LoggedOnUser -ComputerName $computer |
Where-Object {$_.Antecedent -like "*$($session.LogonId)*"} |
Select-Object -ExpandProperty Dependent |
ForEach-Object { $_.Split('"')[1] })
if ($user) {
[PSCustomObject]@{
ComputerName = $computer
UserName = $user
SessionType = $session.LogonType
AuthPackage = $session.AuthenticationPackage
LogonTime = $session.StartTime
}
}
}For environments with WMI restrictions, try this registry-based approach:
reg query "\\REMOTE_PC\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI" /v LastLoggedOnUserRemember these techniques require:
- Admin privileges on target machine
- File and Printer Sharing enabled (for remote registry)
- Windows Management Instrumentation service running (for WMI)
- Proper firewall rules for DCOM/RPC (TCP 135 + dynamic ports)
Create a scheduled task that logs active sessions hourly:
$logPath = "C:\Admin\SessionLogs\$((Get-Date).ToString('yyyy-MM-dd')).csv"
$sessions = query session /server:$env:COMPUTERNAME |
Where-Object { $_ -match "^\s*\d+\s+(\w+)\s+(\S+)" } |
ForEach-Object {
[PSCustomObject]@{
Timestamp = Get-Date
Username = $matches[2]
SessionID = $matches[1]
}
}
$sessions | Export-Csv -Path $logPath -Append -NoTypeInformation