Powershell脚本,用于查看当前登录的用户(域和机器)+状态(活动,空闲,离开)

Question

我正在搜索一个简单的命令来查看服务器上登录的用户.我知道这个:

Get-WmiObject -Class win32_computersystem

但这不会为我提供我需要的信息.它返回:域制造商模型名称(机器名称)PrimaryOwnerName TotalPhysicalMemory

我在Windows 2012服务器上运行Powershell 3.0.

也

Get-WmiObject Win32_LoggedOnUser -ComputerName $Computer | Select Antecedent -Unique

没有给我我需要的确切答案.我很乐意看到空闲时间,或者他们是活跃还是离开.

Answer 1

为了寻找同样的解决方案,我在stackoverflow中找到了我需要的另一个问题: Powershell-log-off-remote-session.下面一行将返回登录用户列表.

query user /server:$SERVER

Answer 2

这样做没有"简单的命令".您可以编写一个函数,也可以选择在各种代码存储库中在线提供的函数.我用这个:

function get-loggedonuser ($computername){

#mjolinor 3/17/10

$regexa = '.+Domain="(.+)",Name="(.+)"$'
$regexd = '.+LogonId="(\d+)"$'

$logontype = @{
"0"="Local System"
"2"="Interactive" #(Local logon)
"3"="Network" # (Remote logon)
"4"="Batch" # (Scheduled task)
"5"="Service" # (Service account logon)
"7"="Unlock" #(Screen saver)
"8"="NetworkCleartext" # (Cleartext network logon)
"9"="NewCredentials" #(RunAs using alternate credentials)
"10"="RemoteInteractive" #(RDP\TS\RemoteAssistance)
"11"="CachedInteractive" #(Local w\cached credentials)
}

$logon_sessions = @(gwmi win32_logonsession -ComputerName $computername)
$logon_users = @(gwmi win32_loggedonuser -ComputerName $computername)

$session_user = @{}

$logon_users |% {
$_.antecedent -match $regexa > $nul
$username = $matches[1] + "\" + $matches[2]
$_.dependent -match $regexd > $nul
$session = $matches[1]
$session_user[$session] += $username
}


$logon_sessions |%{
$starttime = [management.managementdatetimeconverter]::todatetime($_.starttime)

$loggedonuser = New-Object -TypeName psobject
$loggedonuser | Add-Member -MemberType NoteProperty -Name "Session" -Value $_.logonid
$loggedonuser | Add-Member -MemberType NoteProperty -Name "User" -Value $session_user[$_.logonid]
$loggedonuser | Add-Member -MemberType NoteProperty -Name "Type" -Value $logontype[$_.logontype.tostring()]
$loggedonuser | Add-Member -MemberType NoteProperty -Name "Auth" -Value $_.authenticationpackage
$loggedonuser | Add-Member -MemberType NoteProperty -Name "StartTime" -Value $starttime

$loggedonuser
}

}

Answer 3

由于我们在PowerShell区域,如果我们可以返回一个合适的PowerShell对象,它会非常有用......

我个人喜欢这种解析方法,因为简洁:

((quser) -replace '^>', '') -replace '\s{2,}', ',' | ConvertFrom-Csv

注意:这不考虑断开连接("光盘")用户,但如果您只想获得快速的用户列表而不关心其他信息,则可以正常工作.我只是想要一个列表,并不关心它们当前是否已断开连接.

如果你关心其余的数据,那就更复杂了:

(((quser) -replace '^>', '') -replace '\s{2,}', ',').Trim() | ForEach-Object {
    if ($_.Split(',').Count -eq 5) {
        Write-Output ($_ -replace '(^[^,]+)', '$1,')
    } else {
        Write-Output $_
    }
} | ConvertFrom-Csv

我再往前走一步,在我的博客上给你一个非常干净的对象.

我最终把它变成了一个模块.

Answer 4

也许你可以做点什么

get-process -includeusername