如何使用 WMIC 远程检查计算机上的远程登录用户？

Question 1

我在我的环境中使用这个，稍作修改后，只拉出我想要的计算机的过滤器。我想它是去年某个时候推出的……对我来说在 2008 R2 上运行得很好。不过还没有在 2012 上测试过。我只是安排它每天运行。

http://gallery.technet.microsoft.com/scriptcenter/PowerShell-script-to-Find-d2ba4252

# Import the Active Directory module for the Get-ADComputer CmdLet 
Import-Module ActiveDirectory 

# Get today's date for the report 
$today = Get-Date 

# Setup email parameters 
$subject = "ACTIVE SERVER SESSIONS REPORT - " + $today 
$priority = "Normal" 
$smtpServer = "YourMailServer" 
$emailFrom = "[email protected]" 
$emailTo = "[email protected]" 

# Create a fresh variable to collect the results. You can use this to output as desired 
$SessionList = "ACTIVE SERVER SESSIONS REPORT - " + $today + "`n`n" 

# Query Active Directory for computers running a Server operating system 
$Servers = Get-ADComputer -Filter {OperatingSystem -like "*server*"} 

# Loop through the list to query each server for login sessions 
ForEach ($Server in $Servers) { 
    $ServerName = $Server.Name 

    # When running interactively, uncomment the Write-Host line below to show which server is being queried 
    # Write-Host "Querying $ServerName" 

    # Run the qwinsta.exe and parse the output 
    $queryResults = (qwinsta /server:$ServerName | foreach { (($_.trim() -replace "\s+",","))} | ConvertFrom-Csv)  

    # Pull the session information from each instance 
    ForEach ($queryResult in $queryResults) { 
        $RDPUser = $queryResult.USERNAME 
        $sessionType = $queryResult.SESSIONNAME 

        # We only want to display where a "person" is logged in. Otherwise unused sessions show up as USERNAME as a number 
        If (($RDPUser -match "[a-z]") -and ($RDPUser -ne $NULL)) {  
            # When running interactively, uncomment the Write-Host line below to show the output to screen 
            # Write-Host $ServerName logged in by $RDPUser on $sessionType 
            $SessionList = $SessionList + "`n`n" + $ServerName + " logged in by " + $RDPUser + " on " + $sessionType 
        } 
    } 
} 

# Send the report email 
Send-MailMessage -To $emailTo -Subject $subject -Body $SessionList -SmtpServer $smtpServer -From $emailFrom -Priority $priority 

# When running interactively, uncomment the Write-Host line below to see the full list on screen 
$SessionList

Answer

我在我的环境中使用这个，稍作修改后，只拉出我想要的计算机的过滤器。我想它是去年某个时候推出的……对我来说在 2008 R2 上运行得很好。不过还没有在 2012 上测试过。我只是安排它每天运行。

http://gallery.technet.microsoft.com/scriptcenter/PowerShell-script-to-Find-d2ba4252

# Import the Active Directory module for the Get-ADComputer CmdLet 
Import-Module ActiveDirectory 

# Get today's date for the report 
$today = Get-Date 

# Setup email parameters 
$subject = "ACTIVE SERVER SESSIONS REPORT - " + $today 
$priority = "Normal" 
$smtpServer = "YourMailServer" 
$emailFrom = "[email protected]" 
$emailTo = "[email protected]" 

# Create a fresh variable to collect the results. You can use this to output as desired 
$SessionList = "ACTIVE SERVER SESSIONS REPORT - " + $today + "`n`n" 

# Query Active Directory for computers running a Server operating system 
$Servers = Get-ADComputer -Filter {OperatingSystem -like "*server*"} 

# Loop through the list to query each server for login sessions 
ForEach ($Server in $Servers) { 
    $ServerName = $Server.Name 

    # When running interactively, uncomment the Write-Host line below to show which server is being queried 
    # Write-Host "Querying $ServerName" 

    # Run the qwinsta.exe and parse the output 
    $queryResults = (qwinsta /server:$ServerName | foreach { (($_.trim() -replace "\s+",","))} | ConvertFrom-Csv)  

    # Pull the session information from each instance 
    ForEach ($queryResult in $queryResults) { 
        $RDPUser = $queryResult.USERNAME 
        $sessionType = $queryResult.SESSIONNAME 

        # We only want to display where a "person" is logged in. Otherwise unused sessions show up as USERNAME as a number 
        If (($RDPUser -match "[a-z]") -and ($RDPUser -ne $NULL)) {  
            # When running interactively, uncomment the Write-Host line below to show the output to screen 
            # Write-Host $ServerName logged in by $RDPUser on $sessionType 
            $SessionList = $SessionList + "`n`n" + $ServerName + " logged in by " + $RDPUser + " on " + $sessionType 
        } 
    } 
} 

# Send the report email 
Send-MailMessage -To $emailTo -Subject $subject -Body $SessionList -SmtpServer $smtpServer -From $emailFrom -Priority $priority 

# When running interactively, uncomment the Write-Host line below to see the full list on screen 
$SessionList

Question 2

既然其他人都对此表示赞赏，我想我也应该这么做。

我有一直在使用@TheCleaner 建议的 qwinsta.exe 来监控终端服务器上的活跃用户，但只以文本形式输出。

但我最近发现了非常有前景的 Win32_UserProfile 类，因为我现在可以输出对象以在 PS 中使用。

这是我目前得到的：

Get-WmiObject Win32_Profile -ComputerName $Name -Filter "Loaded='True'" | Foreach {$_.LocalPath}

**注意：您可能需要通过丢弃 $_.LocalPath 值不在 C:\Users 文件夹中的所有结果来过滤一些“已加载”的配置文件。

Answer

既然其他人都对此表示赞赏，我想我也应该这么做。

我有一直在使用@TheCleaner 建议的 qwinsta.exe 来监控终端服务器上的活跃用户，但只以文本形式输出。

但我最近发现了非常有前景的 Win32_UserProfile 类，因为我现在可以输出对象以在 PS 中使用。

这是我目前得到的：

Get-WmiObject Win32_Profile -ComputerName $Name -Filter "Loaded='True'" | Foreach {$_.LocalPath}

**注意：您可能需要通过丢弃 $_.LocalPath 值不在 C:\Users 文件夹中的所有结果来过滤一些“已加载”的配置文件。

Question 3

如果它不必从 cmd 运行...我会使用一个很棒的小工具 NetScan 来帮我完成这项工作。

网络扫描链接

Answer

如果它不必从 cmd 运行...我会使用一个很棒的小工具 NetScan 来帮我完成这项工作。

网络扫描链接

Question 4

一个简单的解决方案是枚举远程主机上运行的 EXPLORER.EXE 实例。然后只需拉出拥有该权限的用户即可。

PS 命令示例：

Get-WmiObject -Class Win32_Process -Filter "Name='explorer.exe'" -ComputerName "REMOTECOMPUTER" | ForEach-Object{ "{0}\{1}" -f $_.GetOwner().Domain, $_.GetOwner().User }

Answer

一个简单的解决方案是枚举远程主机上运行的 EXPLORER.EXE 实例。然后只需拉出拥有该权限的用户即可。

PS 命令示例：

Get-WmiObject -Class Win32_Process -Filter "Name='explorer.exe'" -ComputerName "REMOTECOMPUTER" | ForEach-Object{ "{0}\{1}" -f $_.GetOwner().Domain, $_.GetOwner().User }

如何使用 WMIC 远程检查计算机上的远程登录用户？

答案1

答案2

答案3

答案4

相关内容