querying server about remotely connected machine names

I know of these free tools which might help :

TSListUsers

command line utility to list both the currently connected and disconnected users, hostname, IP address and RDP session number on either the local or a remote Windows Terminal Server/RDP Server.

To list the users, you need to have the following abilities:

  • NetBios access to the server
  • Permissions allowing you to Query RDP session information (if you can log into the TS, you should have this by default)
  • Terminal Services/RDP should be running on the target host

A useful but simpler tool is psloggedon :

psloggedon


For Terminal Server sessions, a useful tool will be the free LazyTS (Terminal Services Management) for PowerShell GUI.


A pure PowerShell solution assumes that the logged-on users are using the Explorer desktop shell (not custom shell). It is much easier to count the instances of the explorer.exe process and find their owners, as in this script :

$explorerprocesses = @(Get-WmiObject -Query "Select * FROM Win32_Process WHERE Name='explorer.exe'" -ErrorAction SilentlyContinue)
if ($explorerprocesses.Count -eq 0)
{
    "No explorer process found / Nobody interactively logged on"
} else {
    foreach ($i in $explorerprocesses)
    {
        $Username = $i.GetOwner().User
        $Domain = $i.GetOwner().Domain
        $Domain + "\" + $Username + " logged on since: " + ($i.ConvertToDateTime($i.CreationDate))
    }
}

A simpler approach using the Win32_LogonSession class also works, but tends to give more results than expected :

function get-logedonuser {            
param (            
 [string]$computername = $env:COMPUTERNAME            
)            
Get-WmiObject -Class Win32_LogonSession -ComputerName $computername |            
foreach {            
 $data = $_            

 $id = $data.__RELPATH -replace """", "'"            
 $q = "ASSOCIATORS OF {$id} WHERE ResultClass = Win32_Account"            
 Get-WmiObject -ComputerName $computername -Query $q |            
 select @{N="User";E={$($_.Caption)}},             
 @{N="LogonTime";E={$data.ConvertToDateTime($data.StartTime)}}            
}            
}