querying server about remotely connected machine names
I know of these free tools which might help:
TSListUsers
A command-line utility to list both the currently connected and disconnected users, hostname, IP address and RDP session number on either the local or a remote Windows Terminal Server/RDP Server.
To list the users, you need to have the following abilities:
- NetBios access to the server
- Permissions allowing you to Query RDP session information (if you can log into the TS, you should have this by default)
- Terminal Services/RDP should be running on the target host
A useful but simpler tool is psloggedon.
For Terminal Server sessions, a useful tool will be the free LazyTS (Terminal Services Management) for PowerShell GUI.
A pure PowerShell solution assumes that the logged-on users are using the Explorer desktop shell (not a custom shell). It is much easier to count the instances of the explorer.exe process and find their owners, as in this script:
```powershell
# Each interactive desktop session normally runs one explorer.exe as its shell.
$explorerprocesses = @(Get-WmiObject -Query "Select * FROM Win32_Process WHERE Name='explorer.exe'" -ErrorAction SilentlyContinue)
if ($explorerprocesses.Count -eq 0)
{
    "No explorer process found / Nobody interactively logged on"
} else {
    foreach ($i in $explorerprocesses)
    {
        # Call GetOwner() once; it returns both the user and the domain.
        $owner    = $i.GetOwner()
        $Username = $owner.User
        $Domain   = $owner.Domain
        $Domain + "\" + $Username + " logged on since: " + ($i.ConvertToDateTime($i.CreationDate))
    }
}
```
A simpler approach using the Win32_LogonSession class also works, but tends to give more results than expected:
```powershell
function get-logedonuser {
    param (
        [string]$computername = $env:COMPUTERNAME
    )
    # Enumerate every logon session, then resolve the account associated with each one.
    Get-WmiObject -Class Win32_LogonSession -ComputerName $computername |
        ForEach-Object {
            $data = $_
            # The object path goes inside a WQL string, so swap its double quotes for single quotes.
            $id = $data.__RELPATH -replace """", "'"
            $q = "ASSOCIATORS OF {$id} WHERE ResultClass = Win32_Account"
            Get-WmiObject -ComputerName $computername -Query $q |
                Select-Object @{N="User";E={$_.Caption}},
                              @{N="LogonTime";E={$data.ConvertToDateTime($data.StartTime)}}
        }
}
```
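One way to narrow the Win32_LogonSession output to console and RDP logons is to filter on the class's LogonType property (2 = Interactive, 10 = RemoteInteractive). This is an added example, not part of the original answer; the function name Get-InteractiveLogon is hypothetical, and it assumes Windows PowerShell with Get-WmiObject available and WMI access to the target host.

```powershell
# Added example (not from the original answer). Get-InteractiveLogon is a hypothetical name.
function Get-InteractiveLogon {
    param (
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # Win32_LogonSession.LogonType values of interest:
    #   2  = Interactive (console logon)
    #   10 = RemoteInteractive (RDP / Terminal Services logon)
    $typeNames = @{ 2 = 'Interactive'; 10 = 'RemoteInteractive' }

    # Filter on the server side so service, batch and network logons are never returned.
    $sessions = @(Get-WmiObject -Class Win32_LogonSession -ComputerName $ComputerName `
                      -Filter 'LogonType = 2 OR LogonType = 10')

    $rows = foreach ($session in $sessions) {
        # Same association query as above: object path with single quotes inside WQL.
        $id = $session.__RELPATH -replace '"', "'"
        $q  = "ASSOCIATORS OF {$id} WHERE ResultClass = Win32_Account"

        # A session with no resolvable account yields no rows and is skipped.
        foreach ($account in @(Get-WmiObject -ComputerName $ComputerName -Query $q)) {
            [pscustomobject]@{
                User      = $account.Caption
                # LogonType is a UInt32; cast so it matches the Int32 hashtable keys.
                LogonType = $typeNames[[int]$session.LogonType]
                LogonTime = $session.ConvertToDateTime($session.StartTime)
            }
        }
    }

    if (-not $rows) { return }

    # One account can own several logon sessions of the same type;
    # report each account/type pair once, with its earliest start time.
    $rows | Group-Object User, LogonType | ForEach-Object {
        $_.Group | Sort-Object LogonTime | Select-Object -First 1
    }
}

# Query the local machine; pass -ComputerName to query a remote server.
Get-InteractiveLogon | Format-Table -AutoSize
```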