This check will check both the number of users logged in to a Windows system, as well as the last logged in user.

It can return critical if the last logged in user does not match the one defined. It can also return warning/critical if the number of users logged in is not within range. You can also just use it for informational purposes, if warnings/criticals are not defined. It is very useful for servers that must have someone logged in.


You must copy the check_users.exe file to the NSClient++ script folder.
Then you must add the following line to the NRPE Handlers section of your NSC.ini file in the NSClient++ folder:

check_users=scripts\check_users.exe $ARG1$


The arguments for the check are as follows:

check_users.exe [-l] [-u username] [-n] [-w warning] [-c critical] 


Flag Options
-l Displays the last logged in user
-u define a critical return, which will check if the defined user was NOT the last logged in user. If username is not defined, status will always be ok.
-n Displays the number of users currently logged in to the server.
-w set warning range
-c set critical ranges

You must set both a warning and a critical for the check to return a status other than OK.


This will check to see if there if at least one user logged in and return critical status if no one is logged in:

check_nrpe -H $HOSTADDRESS$ -c check_users -a "-n -w 1 -c 1"
  This will check to see if the user admin on domain mydomain was the last one logged in and return a critical status if someone else was:
check_nrpe -H $HOSTADDRESS$ -c check_users -a "-l -u mydomainadmin" 

This check will be for informational purposes and will just return the last user logged in (status will always be OK):

check_nrpe -H $HOSTADDRESS$ -c check_users -a "-l" 

Tested on Windows Server 2003/2008, and Windows XP.  Please check for the most up-to-date version.