If I am correct, NTNAME most likely queries WINs for the username<03> entry and returns the computername<03> or <00> for the same IP address. This may work but I would not depend it.
The best way to determine who is logged is to check the HKEY_USERS registry hive on the remote computer and resolve the Sid to a user account. The problem with the SidToName() function in that it can only resolve Sids from perspective of the computer executing the command looking at trusted SAM databases. Therefore, it will fail on a local computer account if it is logged on because the Sid resides in the remote computer SAM database.
See my description of the process and code at: http://mywebpages.comcast.net/habullock/kix_solutions.htm
If you need to resolve local sids then I will need to augment Win32Admin.dll so that it can resolve remote and local sids. This is something I have wanted to add for some time. It would enable you to have the remote computer resolve the Sids and would return Domain\account.
Let me know how many would like that ability.
