While on my cruise, I took my personal laptop and created a service that allows me to record each and every person who uses my laptop to a SQL Express database.

I did this for no other reason than to see what would be involved.

First thing is to get a list of all the processes running on the local machine and then get the owner of any process called "explorer.exe". The reason for this is, anyone can log onto a box remotely via RDP and you won't be able to get their account name because of the way RDP works. However, logging onto a desktop creates an explorer.exe process that cannot be killed because if you kill it, you kill your desktop.

That being said, if you get the owner of all the explorer processes you essentially have a list of all the people logged onto a machine, either through the console, fast user switching or through a remote desktop.

I chose to do this with Visual Studio 2008 using the .NET 2.0 framework and WMI. Now, with a strongly typed class. A strongly typed class allows you to generate a cs file that can then be used in your code to simplify basic WMI queries.

Using the command prompt, you can execute the following command to generate a cs file to query processes.

mgmtclassgen Win32_Process /n root\cimv2 /l CS /p c:\process.cs

This can then be added to your project and you can then place a using directive in your code for ROOT.CIMV2.Win32 

Now you can use the following code bit to get the list of processes.

using ROOT.CIMV2.Win32;

public static void GetProcesses()
{

    foreach(Process ps in Process.GetInstances())
{
Console.Writeline(ps.Name.ToString());
}
}

Given that, I have a list of all the processes on the box. 

Now I can modify that a bit to get explorer.exe, hense I 
can get the process owner domain and user ID.