# Enumerate Active Windows Sessions

{% hint style="warning" %}
You need at least local admin privilege on the remote target, use option **--local-auth** if your user is a local account
{% endhint %}

When connecting to a Windows server via GUI interface (local connection or RDP) a windows session will be created. These session can be listed using the following option

```bash
nxc smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --qwinsta
```

Note that if a session if found, an attacker will be able to:

* Impersonate the primary token for that user (if credentials are stored in memory) ;
* Run tasks on behalf of that user.

Sometimes you'll end up having to hunt for a specific user which can be done filling the username you are looking for:

```bash
nxc smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --qwinsta username
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.netexec.wiki/smb-protocol/enumeration/enumerate-active-windows-sessions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.