Get-UserSessionEx is capable of outputting User Session information for an array of Computers by combining output from query.exe and Get-CimInstance. The goal is to gather all of the most useful Session information in one place.
Get-UserSessionEX.ps1 Link:
https://github.com/pldmgg/misc-powershell/blob/master/Get-UserSessionEx.ps1
The Get-UserSessionEx function is composed (primarily) of two functions: Get-UserSessionViaQuery and Get-UserSessionViaCim.
The Get-UserSessionViaQuery function is a very slightly modified version of RamblingCookieMonster’s Get-UserSession function, which parses query.exe output:
https://github.com/RamblingCookieMonster/PowerShell/blob/master/Get-UserSession.ps1
Pros of Get-UserSessionViaQuery include:
-
Provides information that reflects connection statuses at the moment the function is executed
-
Provides the very userful “State” and “IdleTime” properties
Cons of Get-UserSessionViaQuery include:
-
Does not capture all types of Logon Sessions (such as PowerShell Remoting or those initiated by service/system accounts)
-
Does not provide the properties “LogonId” or “AuthenticationPackage” (i.e. NTLM, Kerberos, etc)
The Get-UserSessionViaCim function is my take on parsing Get-CimInstance results from Win32_LogOnSession and Win32_LoggedOnUser. The helper function Get-LHSCimSession assists with using the Get-CimInstance cmdlet against machines that are not part of a domain, or in a different domain.
(See Get-LHSCimSession origin here: https://gallery.technet.microsoft.com/scriptcenter/Get-PageFile-Usage-and-more-659f96aa)
Pros of Get-UserSessionViaCim include:
-
Lists all types of Logon Sessions from all User Accounts
-
Includes “LogonTypeTranslated” Property that illustrates LogonType in plain English
-
Includes “LogonId” and AuthenticationPackage” Properties
Cons of Get-UserSessionViaCim include:
-
Results may contain stale entries (i.e. accounts may have since logged off or otherwise disconnected)
-
No way to tell if connection is still Active/Idle/Disconnected.
By comparing Get-UserSessionViaQuery’s “LogonTime” property to Get-UserSessionViaCim’s “StartTime” property, we can match Cim results with Query results, and thereby add “SessionName”, “State”, and “Idle” properties to certain Cim results.
WARNING: Get-UserSessionViaQuery’s “LogonTime” property is never exactly equal to Get-UserSessionViaCim’s “StartTime” property, so Get-UserSessionEx matches the entries as long as they are within 2 minutes of each other AND the Cim LogonType is one of the following: – Local Console Logon – Network (PSRemoting or RDP) – RDPTSRemoteAssistance – Local Console w/Cached Creds
.EXAMPLE
From Domain Admin account on a workstation on the test2.lab Domain, run the following against Computers that are also all part of the test2.lab Domain:
Get-UserSessionEx -HostName "Win16Chef","Win12WS.test2.lab","NanoServerVM.test2.lab" Sample Output:
ComputerName LogonSessions ------------ ------------- Win16Chef.test2.lab {@{Caption=; Name=; InstallDate=; UpdatedName=SYSTEM; StartTime=4/23/2017 1:05:48 AM; SessionId=0; LogonTypeTranslated=Local System; ... Win12WS.test2.lab {@{Caption=; Name=; InstallDate=; UpdatedName=SYSTEM; StartTime=4/3/2017 9:30:32 PM; SessionId=0; LogonTypeTranslated=Local System; L... NanoServerVM.test2.lab {@{Caption=; Name=; InstallDate=; UpdatedName=SYSTEM; StartTime=4/28/2017 4:28:25 PM; SessionId=0; LogonTypeTranslated=Local System; ... .EXAMPLE
From a workstation on a different domain, run the following (where “pddomain” is a Domain Admin account on pddomain2.lab):
Get-UserSessionEx -HostName "PDDC2.pddomain2.lab","PDDC2Rep.pddomain2.lab" -UserAcct pddomain Sample Output:
ComputerName LogonSessions ------------ ------------- PDDC2.pddomain2.lab {@{Caption=; Name=; IdleTime=; StartTime=2/24/2017 6:46:52 AM; InstallDate=; SessionName=; UpdatedName=SYSTEM; SessionId=; LogonTypeT... PDDC2Rep.pddomain2.lab {@{Caption=; Name=; IdleTime=; StartTime=3/28/2017 5:34:51 PM; InstallDate=; SessionName=; UpdatedName=SYSTEM; SessionId=; LogonTypeT... Additional Notes:
- Pipe the LogonSessions property to Format-List or Format-Table for pretty output.
As always any advice/criticism is welcome. Hope this helps folks!
(P.S. I really hope Microsoft comes out with an official solution that makes this easier in the near future. I feel like it’s long overdue.)
submitted by /u/fourierswager
[link] [comments]
The post Get-UserSessionEx – Get all user session info in one place…for real though. appeared first on How to Code .NET.
