CB Live Response: Display User Sessions Using Windows Command Line
Mar 28, 2021
- To see currently logged in user
execfg cmd.exe /c query user- To find which user runs a process
execfg cmd.exe /c tasklist /v | more- To see all user accounts
execfg cmd.exe /c net user - To see a specific user account
execfg cmd.exe /c net user <>- To find out the associated SID of a particular user
execfg wmic useraccount where name='xxx' get sid- To find out the associated processes for a particular user
execfg wmic service get Caption, StartName- Get the list of all local accounts configured
Get-WmiObject Win32_UserAccount -filter “LocalAccount=True” | Select-Object Name,FullName,Disabled
