PowerShellMafia/PowerSploit

What's the difference between enumerating logged on users vs sessions?


I'm reading over PowerView.ps1, and I'm wondering: what's the difference between sessions and logged on users? Get-NetLoggedon (which uses the NetWkstaUserEnum Win32 API call, and requires local admin rights) always seems to return more results than Get-NetSession (which uses the NetSessionEnum Win32 API call). That's the opposite of what I would expect.

Not sure why you would expect less information from NetWkstaUserEnum() vs NetSessionEnum(), but that's just how the API calls work. You are correct in stating that NetWkstaUserEnum() requires admin privs (at least on modern OSs), so I am not surprised that more information is returned from an elevated context. As I'm just wrapping these Win32 API calls, I'm not able to control their behavior on remote systems nor the information they return :) For that you'll need to open an issue with Microsoft ;)