我想知道是否有可能获取计算机上远程登录用户的当前用户名?从 Windows cmd 中获取?
类型:WMIC /NODE:ComputerName ComputerSystem 获取用户名
此命令有效,但会为 ComputerName 提供本地登录的用户。而不是远程登录的用户。
感谢您的帮助!
答案1
我在我的环境中使用这个,稍作修改后,只拉出我想要的计算机的过滤器。我想它是去年某个时候推出的……对我来说在 2008 R2 上运行得很好。不过还没有在 2012 上测试过。我只是安排它每天运行。
http://gallery.technet.microsoft.com/scriptcenter/PowerShell-script-to-Find-d2ba4252
# Import the Active Directory module for the Get-ADComputer CmdLet
Import-Module ActiveDirectory
# Get today's date for the report
$today = Get-Date
# Setup email parameters
$subject = "ACTIVE SERVER SESSIONS REPORT - " + $today
$priority = "Normal"
$smtpServer = "YourMailServer"
$emailFrom = "[email protected]"
$emailTo = "[email protected]"
# Create a fresh variable to collect the results. You can use this to output as desired
$SessionList = "ACTIVE SERVER SESSIONS REPORT - " + $today + "`n`n"
# Query Active Directory for computers running a Server operating system
$Servers = Get-ADComputer -Filter {OperatingSystem -like "*server*"}
# Loop through the list to query each server for login sessions
ForEach ($Server in $Servers) {
$ServerName = $Server.Name
# When running interactively, uncomment the Write-Host line below to show which server is being queried
# Write-Host "Querying $ServerName"
# Run the qwinsta.exe and parse the output
$queryResults = (qwinsta /server:$ServerName | foreach { (($_.trim() -replace "\s+",","))} | ConvertFrom-Csv)
# Pull the session information from each instance
ForEach ($queryResult in $queryResults) {
$RDPUser = $queryResult.USERNAME
$sessionType = $queryResult.SESSIONNAME
# We only want to display where a "person" is logged in. Otherwise unused sessions show up as USERNAME as a number
If (($RDPUser -match "[a-z]") -and ($RDPUser -ne $NULL)) {
# When running interactively, uncomment the Write-Host line below to show the output to screen
# Write-Host $ServerName logged in by $RDPUser on $sessionType
$SessionList = $SessionList + "`n`n" + $ServerName + " logged in by " + $RDPUser + " on " + $sessionType
}
}
}
# Send the report email
Send-MailMessage -To $emailTo -Subject $subject -Body $SessionList -SmtpServer $smtpServer -From $emailFrom -Priority $priority
# When running interactively, uncomment the Write-Host line below to see the full list on screen
$SessionList
答案2
既然其他人都对此表示赞赏,我想我也应该这么做。
我有一直在使用@TheCleaner 建议的 qwinsta.exe 来监控终端服务器上的活跃用户,但只以文本形式输出。
但我最近发现了非常有前景的 Win32_UserProfile 类,因为我现在可以输出对象以在 PS 中使用。
这是我目前得到的:
Get-WmiObject Win32_Profile -ComputerName $Name -Filter "Loaded='True'" | Foreach {$_.LocalPath}
**注意:您可能需要通过丢弃 $_.LocalPath 值不在 C:\Users 文件夹中的所有结果来过滤一些“已加载”的配置文件。
答案3
如果它不必从 cmd 运行...我会使用一个很棒的小工具 NetScan 来帮我完成这项工作。
答案4
一个简单的解决方案是枚举远程主机上运行的 EXPLORER.EXE 实例。然后只需拉出拥有该权限的用户即可。
PS 命令示例:
Get-WmiObject -Class Win32_Process -Filter "Name='explorer.exe'" -ComputerName "REMOTECOMPUTER" | ForEach-Object{ "{0}\{1}" -f $_.GetOwner().Domain, $_.GetOwner().User }