community.spiceworks.com
Open in
urlscan Pro
45.60.13.212
Public Scan
URL:
https://community.spiceworks.com/topic/2081941-check-logged-locked-status-of-1-remote-pc-with-powershell-script
Submission: On June 19 via manual from US — Scanned from DE
Submission: On June 19 via manual from US — Scanned from DE
Form analysis
1 forms found in the DOM<form>
<i class="1687207859622 mag-glass"></i>
<input class="1687207859622 search-input" autocomplete="off" placeholder="Search Spiceworks">
<i class="clean-icon"></i>
<div class="1687207859622 trending-topics"></div>
<div class="1687207859622 search-box-results"></div>
</form>
Text Content
Home * News & Insights * News & Insights Home * Innovation * IT Careers & Skills * Cloud * Cyber Security * Future of Work * All Categories * Marketing * HR * Finance * Community * Ask question * Community Home * Spiceworks Originals * Cloud * Collaboration * Networking * Water Cooler * Windows * All forums * How-Tos * Scripts * Vendors * Meetups * Reviews * Online Events Login Join Login Join * Home * Programming * PowerShell CHECK LOGGED/LOCKED STATUS OF 1 REMOTE PC WITH POWERSHELL SCRIPT Posted by itsupportprivate on Nov 4th, 2017 at 1:23 PM Solved PowerShell Hi, I am trying to come up with an easy but accurate way for me to see if a Domain computer is logged in/locked/logged out/turned off. I have the following so far, but not sure how to get it to work with my admin account, any ideas please; Powershell #Get Admin Account details Get-Credential #To Query a PC for Current Logged in State $ComputerName = Read-host "Please enter the Hostname" query user /server:$ComputerName -credential Spice (2) Reply (10) flagReport itsupportprivate anaheim POPULAR TOPICS IN POWERSHELL Installing Multiple Programs, getting "Do you want to run this file... Window upgrade Iterating through AD - Cant complete iteration before writing variable Unexpected token in expression or statement error Get List of Groups an AD Group is nested in View all topics check Best Answer An Evil Penguin This person is a verified professional. Verify your account to enable IT peers to see that you are a professional. thai pepper Nov 6th, 2017 at 9:20 AM checkBest Answer This is the core of what I use to do this: Powershell Foreach ($Computer in $Computername) { $Online = $False $User = $False $Locked = $False If (Test-Connection $Computer -Count 2 -Quiet) { $Online = $True If ($Credential) { $User = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer -Credential $Credential | Select-Object -ExpandProperty UserName -ErrorAction Stop } Else { $User = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer | Select-Object -ExpandProperty UserName -ErrorAction Stop } If (Test-RemoteRegistry -Enable -ComputerName $Computer) { If ((Get-Process logonui -ComputerName $Computer -ErrorAction SilentlyContinue) -and ($user)) { $Locked = $True } } } $Output = New-Object PSObject $Output | Add-Member noteproperty ComputerName $Computer $Output | Add-Member noteproperty Online $Online $Output | Add-Member noteproperty Username $User $Output | Add-Member noteproperty Locked $Locked $Output } Test-RemoteRegistry is a separate function that polls for the status of the Remote Registry service as that is not always in a consistent state in my environment. For some reason Remote registry is needed for get-process remotely. Adapt or remove that as needed. I've also just noticed that I never passed credentials to the Get-Process section if they were given! flagReport 2 found this helpful thumb_up thumb_down View Best Answer in replies below 10 REPLIES * Chris Walten cayenne Nov 5th, 2017 at 12:44 PM qwinsta is something you need to look at. flagReport Was this post helpful? thumb_up thumb_down * OP itsupportprivate anaheim Nov 5th, 2017 at 9:55 PM Thanks. Ill look into flagReport Was this post helpful? thumb_up thumb_down * An Evil Penguin This person is a verified professional. Verify your account to enable IT peers to see that you are a professional. thai pepper Nov 6th, 2017 at 9:20 AM checkBest Answer This is the core of what I use to do this: Powershell Foreach ($Computer in $Computername) { $Online = $False $User = $False $Locked = $False If (Test-Connection $Computer -Count 2 -Quiet) { $Online = $True If ($Credential) { $User = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer -Credential $Credential | Select-Object -ExpandProperty UserName -ErrorAction Stop } Else { $User = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer | Select-Object -ExpandProperty UserName -ErrorAction Stop } If (Test-RemoteRegistry -Enable -ComputerName $Computer) { If ((Get-Process logonui -ComputerName $Computer -ErrorAction SilentlyContinue) -and ($user)) { $Locked = $True } } } $Output = New-Object PSObject $Output | Add-Member noteproperty ComputerName $Computer $Output | Add-Member noteproperty Online $Online $Output | Add-Member noteproperty Username $User $Output | Add-Member noteproperty Locked $Locked $Output } Test-RemoteRegistry is a separate function that polls for the status of the Remote Registry service as that is not always in a consistent state in my environment. For some reason Remote registry is needed for get-process remotely. Adapt or remove that as needed. I've also just noticed that I never passed credentials to the Get-Process section if they were given! flagReport 2 found this helpful thumb_up thumb_down * OP itsupportprivate anaheim Nov 6th, 2017 at 10:17 AM Thanks. Ill give it a try. flagReport Was this post helpful? thumb_up thumb_down * philgman This person is a verified professional. Verify your account to enable IT peers to see that you are a professional. cayenne Nov 7th, 2017 at 4:16 PM i use this to remote check the event logs. Powershell Param ( [string]$Computer = (Read-Host Remote computer name), [int]$Days = 20 ) $events = @() $events += Get-WinEvent -ComputerName $Computer -FilterHashtable @{ LogName='Security' Id=@(4800,4801) StartTime=(Get-Date).AddDays(-$Days) } $events += Get-WinEvent -ComputerName $Computer -FilterHashtable @{ LogName='System' Id=@(7000,7001) StartTime=(Get-Date).AddDays(-$Days) } $type_lu = @{ 7001 = 'Logon' 7002 = 'Logoff' 4800 = 'Lock' 4801 = 'UnLock' } $ns = @{'ns'='http://schemas.microsoft.com/win/2004/08/events/event'} $target_xpath = "//ns:Data[@Name='TargetUserName']" $usersid_xpath = "//ns:Data[@Name='UserSid']" If($events) { $results = ForEach($event in $events) { $xml = $event.ToXml() Switch -Regex ($event.Id) { '4...' { $user = ( Select-Xml -Content $xml -Namespace $ns -XPath $target_xpath ).Node.'#text' Break } '7...' { $sid = ( Select-Xml -Content $xml -Namespace $ns -XPath $usersid_xpath ).Node.'#text' $user = ( New-Object -TypeName 'System.Security.Principal.SecurityIdentifier' -ArgumentList $sid ).Translate([System.Security.Principal.NTAccount]).Value Break } } New-Object -TypeName PSObject -Property @{ Time = $event.TimeCreated Id = $event.Id Type = $type_lu[$event.Id] User = $user } } If($results) { #$results $Results | Sort Time -Descending | Out-GridView } } i also have a vbs that will scan an ip range (never got aroiund to adapting this to powershell). VB.net On Error Resume Next Dim FSO Dim objStream Const TriStateFalse = 0 Const FILE_NAME = "Logged_In_Users.csv" Set FSO = CreateObject("Scripting.FileSystemObject") Set objStream = FSO.CreateTextFile(FILE_NAME, _ True, TristateFalse) '************ CHANGE THIS ************** strSubnetPrefix = "192.168.1." intBeginSubnet = 100 intEndSubnet = 120 For i = intBeginSubnet To intEndSubnet strComputer = strSubnetPrefix & i 'strcomputer = inputbox("Enter Computer Name or IP") if strcomputer = "" then wscript.quit else 'ping it! Set objPing = GetObject("winmgmts:{impersonationLevel=impersonate}").ExecQuery _ ("select * from Win32_PingStatus where address = '" & strcomputer & "'") For Each objStatus in objPing If IsNull(objStatus.StatusCode) or objStatus.StatusCode<>0 Then 'request timed out 'msgbox(strcomputer & " did not reply" & vbcrlf & vbcrlf & _ '"Please check the name and try again") else 'who's there? set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & _ strComputer & "\root\cimv2") Set colSettings = objWMIService.ExecQuery("Select * from Win32_ComputerSystem") For Each objComputer in colSettings objStream.WriteLine objComputer.name & "," & objcomputer.username & "," & objcomputer.domain _ & "," & strcomputer 'msgbox("System Name: " & objComputer.Name & vbcrlf & "User Logged in : " & _ 'objcomputer.username & vbcrlf & "Domain: " & objComputer.Domain) Next end if next end if Next Msgbox("Done Collecting") 'cleanup set objwmiservice = nothing set colsettings = nothing set objping = nothing flagReport 1 found this helpful thumb_up thumb_down * Craig582 This person is a verified professional. Verify your account to enable IT peers to see that you are a professional. cayenne May 15th, 2018 at 10:51 AM > An Evil Penguin wrote: > > This is the core of what I use to do this: > > Powershell > > Foreach ($Computer in $Computername) > { > $Online = $False > $User = $False > $Locked = $False > If (Test-Connection $Computer -Count 2 -Quiet) > { > $Online = $True > If ($Credential) > { > $User = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer -Credential $Credential | Select-Object -ExpandProperty UserName -ErrorAction Stop > } > Else > { > $User = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer | Select-Object -ExpandProperty UserName -ErrorAction Stop > } > If (Test-RemoteRegistry -Enable -ComputerName $Computer) > { > If ((Get-Process logonui -ComputerName $Computer -ErrorAction SilentlyContinue) -and ($user)) > { > $Locked = $True > } > } > } > $Output = New-Object PSObject > $Output | Add-Member noteproperty ComputerName $Computer > $Output | Add-Member noteproperty Online $Online > $Output | Add-Member noteproperty Username $User > $Output | Add-Member noteproperty Locked $Locked > $Output > } > > > Test-RemoteRegistry is a separate function that polls for the status of the > Remote Registry service as that is not always in a consistent state in my > environment. For some reason Remote registry is needed for get-process > remotely. > > Adapt or remove that as needed. I've also just noticed that I never passed > credentials to the Get-Process section if they were given! I tried this out yesterday and it worked wonderfully, I then adapted it slightly removing the pinging as I will be running it from PDQ inventory so will already know if it is online or not, plus I was just trying to cut down the time it was taking to run. This seemed to work. Powershell $computername = '$(Computer:TARGET)' $host.ui.RawUI.WindowTitle = "Logon status of $computer" Foreach ($Computer in $Computername) { $User = $False $Locked = $False { { $User = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer -Credential $Credential | Select-Object -ExpandProperty UserName -ErrorAction Stop } Else { $User = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer | Select-Object -ExpandProperty UserName -ErrorAction Stop } { If ((Get-Process logonui -ComputerName $Computer -ErrorAction SilentlyContinue) -and ($user)) { $Locked = $True } } } $Output = New-Object PSObject $Output | Add-Member noteproperty ComputerName $Computer $Output | Add-Member noteproperty Username $User $Output | Add-Member noteproperty Locked $Locked $Output } Today I’ve just gone to test it and the script doesn’t work properly, I’m getting the following not matter whether a user is logged on or not: Powershell { $User = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer -Credential $Credential | Select-Object -ExpandProperty UserName -ErrorAction Stop } Else { $User = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer | Select-Object -ExpandProperty UserName -ErrorAction Stop } { If ((Get-Process logonui -ComputerName $Computer -ErrorAction SilentlyContinue) -and ($user)) { $Locked = $True } } ComputerName Username Locked ------------ -------- ------ 03-05 False False I don’t have a great knowledge of PowerShell but I can usually figure out where I’ve gone wrong. Any help would be truly appreciated. flagReport Was this post helpful? thumb_up thumb_down * An Evil Penguin This person is a verified professional. Verify your account to enable IT peers to see that you are a professional. thai pepper May 15th, 2018 at 11:48 AM Difficult to say without something to test with or knowledge of your systems. I'd say try calling each of the queries on that test machine one by one to inspect the Output. Could be something is acting up on that machine or is encountering something I've not considered. Also I think I set it to just return False for everything if it doesn't ping, so that might be getting involved? Edit: Also not used PDQDeploy myself so not sure if that would throw any spanners in to the works? Spice (1) flagReport 1 found this helpful thumb_up thumb_down * M Boyle This person is a verified professional. Verify your account to enable IT peers to see that you are a professional. ghost chili May 15th, 2018 at 12:09 PM You should really ask a new question on this one. You are chopping code out (like if statements) but leaving behind the braces { } and random else statements. Provide some more of the code for better context. . Spice (2) flagReport Was this post helpful? thumb_up thumb_down * Craig582 This person is a verified professional. Verify your account to enable IT peers to see that you are a professional. cayenne May 16th, 2018 at 2:56 PM I worked out that I missed an IF which sorted out the user part. Working out what I’d done wrong to get the locked part right took it’s time. But after some serious testing and tweaking, this is what I have ended up with. This works. It probably could be better, but the main thing is it works. Massive thanks to you An Evil Penguin for the original script. Powershell $computer = '$(Computer:TARGET)' $host.ui.RawUI.WindowTitle = "Logon details of $(Computer:TARGET)" $ErrorActionPreference = 'SilentlyContinue' $users = $false $locked = $false $users = (Get-WmiObject -Class win32_computersystem -ComputerName $computer).username.Split("\")[1] If ((Get-Process logonui -ComputerName $Computer) -and ($users)) { $Locked = $True } foreach ($user in $users) { $Output = New-Object PSObject $Output | Add-Member noteproperty Computer $Computer $Output | Add-Member noteproperty Username $User $Output | Add-Member noteproperty Locked $Locked $Output } * local_offer Tagged Items * An Evil Penguin Spice (1) flagReport Was this post helpful? thumb_up thumb_down * An Evil Penguin This person is a verified professional. Verify your account to enable IT peers to see that you are a professional. thai pepper May 16th, 2018 at 2:58 PM Glad it worked out in the end! :) flagReport Was this post helpful? thumb_up thumb_down lock This topic has been locked by an administrator and is no longer open for commenting. To continue this discussion, please ask a new question. READ THESE NEXT... * SNAP! -- DATA CAPS, COSMIC NAVIGATION, APPARENT CURE FOR EPILEPSY, CUTE ROBOTS Spiceworks Originals Your daily dose of tech news, in brief. Welcome to the Snap! Flashback: June 19, 1623: Blaise Pascal is Born (Read more HERE.) Bonus Flashback: June 19, 1963: Vostok 5 & Vostok 6 return to Earth (Read more HERE.) You need to hear this.... * * SPARK! PRO SERIES – 19TH JUNE 2023 Spiceworks Originals It has been 7 years since we lost Anton Yelchin. He was as superb Checkov, but an even better Odd Thomas (see trailer below), which I highly recommend watching. We can only imagine what other characters he coul... * NERD JOURNEY # 220 - JOHN GOT FIRED Best Practices & General IT What would go through your mind if you woke up in the middle of the night only to find out you had been laid off? Processing the onset of emotions that come next isn't easy. When this happened to John White earlier in the year, he needed to decide what ... * HOW MUCH EMAIL IS IN YOUR INBOX RIGHT NOW? Spiceworks I was reading today some interesting email statistics (Reference site Opens a new window, Reference site Opens a new window, and there were a few others that basically agreed with those numbers).--The average office worker gets 120-126 emails a day.Not su... * WHAT ARE THE PROS AND CONS OF A IT CAREER IN ACADEMIA/ SCHOOL CAMPUSES? IT & Tech Careers After working in IT for a while I figure I want to take my career path in education/academia and move away from corporate office.Example of such jobs: University Network Engineer, Community College End User Support, Elementary School Computer Lab Technici... * About * Contact * Support * Press / Media * Careers * SpiceWorld * Blog * * * * * * Sitemap * Privacy Policy * Terms of Use * Guidelines * Accessibility Statement * Do Not Sell My Personal Information * © Copyright 2006 - 2023 Spiceworks Inc. WE CARE ABOUT YOUR PRIVACY If you consent, we and our partners can store and access personal information on your device to provide a more personalised browsing experience. This is accomplished through processing personal data collected from browsing data stored in cookies. You can provide/withdraw consent and object to processing based on a legitimate interest at any time by clicking on the ‘Manage Preferences’ button.Our Privacy Policy WE AND OUR PARTNERS PROCESS DATA TO: Store and/or access information on a device. Personalised ads and content, ad and content measurement, audience insights and product development. Our Partners Reject All I Accept More Options