The story so far. Somebody is hammering one of the servers with smb requests to a share, that is located on another cluster node. You found that this requests are made from a workstation in a different location and you want to inform the user that they should double check their configuration. So how can you find out who is logged on to this system?
I found a vbs script in the Internet, written by a guy named Richard Mueller:
'nbtstat-a.vbs 'Thanks to Richard Mueller Option Explicit Dim strComputer, objWMIService, colProcesses, objProcess Dim colProperties, strNameOfUser, strUserDomain 'Specify or prompt for remote computer. strComputer = wscript.arguments(0) Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate,authenticationLevel=Pkt}!\\" _ & strComputer & "\root\cimv2") Set colProcesses = objWMIService.ExecQuery _ ("SELECT * FROM Win32_Process WHERE Name = 'explorer.exe'") For Each objProcess In colProcesses colProperties = objProcess.GetOwner(strNameOfUser, strUserDomain) Wscript.Echo "Owner of Explorer.exe on " & strComputer _ & " is " & strUserDomain & "\" & strNameOfUser Next
Safe the code as nbtstat-a.vbs and start it with:
cscript nbtstat-a.vbs computername