Last active
October 14, 2015 21:25
A function from the Script Center that grabs all logon sessions
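function Get-LoggedOnUserSession {
    <#
    .SYNOPSIS
    Lists the logon sessions on one or more computers together with the
    account, logon type, authentication package and start time of each.

    .DESCRIPTION
    Queries Win32_LogonSession and Win32_LoggedOnUser over WMI and joins the
    two on the session LogonId. Each computer is queried and joined on its
    own, so LogonId values from different hosts cannot be mixed up.

    Get-WmiObject is kept as in the original (alias gwmi); it is not
    available in PowerShell 6 and later, so run this under Windows PowerShell.

    .PARAMETER Name
    One or more computer names. Defaults to the local computer. Accepts
    pipeline input by value and by property name.

    .OUTPUTS
    One psobject per logon session with the properties Session, User, Type,
    Auth, StartTime and Computer.
    #>
    #mjolinor 3/17/10
    [CmdletBinding()]
    param
    (
        [Parameter(Position=0,
                   ValueFromPipeline=$true,
                   ValueFromPipelineByPropertyName=$true)]
        [string[]]$Name = $env:COMPUTERNAME)

    begin {
        # Win32_LoggedOnUser exposes its two ends as WMI path strings; these
        # patterns pull the account and the LogonId out of those paths.
        $regexa = '.+Domain="(.+)",Name="(.+)"$'
        $regexd = '.+LogonId="(\d+)"$'

        # Win32_LogonSession.LogonType values. 8 (credentials sent in
        # cleartext) and 10 (RDP / Terminal Services) are usually the ones a
        # reviewer looks at first.
        $logontype = @{
            "0"="Local System"
            "2"="Interactive"               # (Local logon)
            "3"="Network"                   # (Remote logon)
            "4"="Batch"                     # (Scheduled task)
            "5"="Service"                   # (Service account logon)
            "6"="Proxy"
            "7"="Unlock"                    # (Screen saver)
            "8"="NetworkCleartext"          # (Cleartext network logon)
            "9"="NewCredentials"            # (RunAs using alternate credentials)
            "10"="RemoteInteractive"        # (RDP\TS\RemoteAssistance)
            "11"="CachedInteractive"        # (Local w\cached credentials)
            "12"="CachedRemoteInteractive"
            "13"="CachedUnlock"
        }
    }

    process {
        # A process block is required for pipeline input: without it only the
        # last piped computer name would be handled.
        foreach ($computer in $Name) {
            $logon_sessions = @(Get-WmiObject -Class Win32_LogonSession -ComputerName $computer)
            $logon_users    = @(Get-WmiObject -Class Win32_LoggedOnUser -ComputerName $computer)

            # LogonId -> "DOMAIN\user", built per computer.
            $session_user = @{}
            foreach ($link in $logon_users) {
                # Skip rows that do not parse. After a failed -match, $matches
                # still holds the previous row's captures, which would
                # attribute a session to the wrong account.
                if ($link.Antecedent -notmatch $regexa) { continue }
                $username = $matches[1] + "\" + $matches[2]
                if ($link.Dependent -notmatch $regexd) { continue }
                $session = $matches[1]

                if ($session_user.ContainsKey($session)) {
                    # Keep several accounts on one session readable instead
                    # of running the names together.
                    $session_user[$session] += ", " + $username
                }
                else {
                    $session_user[$session] = $username
                }
            }

            foreach ($entry in $logon_sessions) {
                $starttime = $null
                if ($entry.StartTime) {
                    $starttime = [management.managementdatetimeconverter]::todatetime($entry.StartTime)
                }

                # Fall back to the raw number so an unmapped logon type is
                # still visible in the output rather than blank.
                $typekey  = $entry.LogonType.ToString()
                $typename = $logontype[$typekey]
                if (-not $typename) { $typename = $typekey }

                $loggedonuser = New-Object -TypeName psobject
                $loggedonuser | Add-Member -MemberType NoteProperty -Name "Session"   -Value $entry.LogonId
                $loggedonuser | Add-Member -MemberType NoteProperty -Name "User"      -Value $session_user[$entry.LogonId]
                $loggedonuser | Add-Member -MemberType NoteProperty -Name "Type"      -Value $typename
                $loggedonuser | Add-Member -MemberType NoteProperty -Name "Auth"      -Value $entry.AuthenticationPackage
                $loggedonuser | Add-Member -MemberType NoteProperty -Name "StartTime" -Value $starttime
                $loggedonuser | Add-Member -MemberType NoteProperty -Name "Computer"  -Value $computer
                $loggedonuser
            }
        }
    }
}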