A common task any Windows admin might have is finding out, locally or remotely, which user account is logged onto a particular computer. Many tools exist for this purpose, and one of them, of course, is PowerShell.

Adam Bertram

Adam is a Microsoft Cloud and Datacenter Management Most Valuable Profressional (MVP) who specializes in Windows PowerShell. You can reach Adam at adamtheautomator.com or on Twitter at @adbertram.

A Windows admin might need this information to create reports, to track down malware infection or to see who's in the office. Since this is a repeatable task, it's a good idea to build a script that you can reuse over and over again, rather than having to figure out how to do it every time.

In this article, I'm going to go over how to build a PowerShell script to find a logged-on user on your local Windows machine, as well as on many different remote Windows machines at once. By the end, you should have a good understanding of what it takes to query the logged-on user of a Windows computer. You will also understand how to build a PowerShell script to execute the command on multiple computers at the same time.

With PowerShell, getting the account information for a logged-on user of a Windows machine is easy, since the username is readily available using the Win32_ComputerSystem WMI instance. This can be retrieved via PowerShell by using either the Get-CimInstance or Get-WmiObject cmdlet. I prefer to use the older Get-WmiObject cmdlet because I’m still working on older machines.

Output

Output

If you prefer to use CIM, you can also use Get-CimInstance to return the same result.

End of article, right? I suppose you could say I did just show you how to discover a logged-on user remotely. However, we need to make this reusable, more user-friendly and easy to perform on multiple computers. Let's take it a step further and build a PowerShell function from this.

First, let's build our template function. It looks like this:

Here, we have an advanced function with a single parameter: ComputerName. We also want to incorporate some parameter validations to ensure that the computer responds to a ping request before we query it. Also, notice the parameter type: [string[]]. Notice how there is an extra set of brackets in there? This makes ComputerName a string collection, rather than just a simple string. This is going to allow us to specify multiple computer names, separated by commas. We’ll see how this comes into play a bit later.

Once we have the function template down, we’ll need to add some functionality. To do that, let’s add a foreach loop, in case $ComputerName has multiple computer names, and then create a custom object for each computer, querying each for the logged-on user.

Here, notice that instead of outputting only the username, we are building a custom object that outputs the computer name as well, so that when multiple computer names are used, I can tell which username coincides with which computer.

Now, let’s run this and see what the output looks like when we don't specify a computer name.

Without specified computer name

Without specified computer name

My local computer name is WINFUSIONVM, and I am logged in through a local account called Adam. Now, let's see what it looks like when we query a remote computer.

Queried a remote computer

Queried a remote computer

In the instance above, notice that the account exists within a domain. We know this because the username starts with MYLAB, rather than MEMBERSRV1.

Finally, let's pass a couple different computer names through this function.

Different computer names

Different computer names

You can see that CLIENT2's UserName is null. This is because no account is currently logged on the computer.

If you'd like a fully featured function with error control, feel free to download this function from my Github repo.

Win the monthly 4sysops member prize for IT pros

Share
3+

Users who have LIKED this post:

  • avatar

Related Posts

10 Comments
  1. Ashish Singh 10 months ago

    For some scenarios, it returns null. I tried running it on a Virtual Machine running Windows 10 (14393) x64.

    2+

  2. Roi 9 months ago

    It lookes like that some things changed:

    Get-WmiObject –ComputerName client01 –Class Win32_ComputerSystem

    This returns no longer a property called UserName

    0

    • Marc 6 months ago

      Yeah this isn't working for me either.

      0

    • Luc Fullenwarth 6 months ago

      What is you client OS and powershell version?

      What is the OS and .Net Framework version of the target server?

      0

  3. Dennis 7 months ago

    Hello,

    is there a way to list logged on users from a list createdbefore? I want to create a script  which exports a list of specific domain Computers. Then I want to get the logged on users and the information when the machine last bootet up. The result of this should be outputet as a csv.

    Could might help me out with this?

    I tired this without success:

    I really would appriciate your help.

    best regards

    D

    0

  4. Author
    Adam Bertram 7 months ago

    You are so close! You just need to create the function that pulls the logged in user from a single computer and then loop over each computer calling the function ad well as the Get-WmiObject reference. Something like this:

    1+

    • Dennis 6 months ago

      Hello Adam,

      thank you for your reply 🙂

      I'm really at the beginning in writing powershell scripts. What you mean is to replace line 11 to 30 in my script with the code you provided so that it lookslike this?

      0

      • Author
        Adam Bertram 6 months ago

        You will need to include the last bootup time within the foreach loop too so it can gather the information from each computer as it's reading them.

        1+

        • Dennis 6 months ago

          Hi Adam,

          thank you for your reply. So this would be the solution?:

          When I run this script like provided above I get a command line which tells me to enter a parameter without telling me which one. The Screenshot can be found under this link:

          https://www.dropbox.com/s/jrtgyxa1kd1slng/26-06-_2017_17-52-56.png?dl=0

          But I have to say it is in german language.

          thank you very much for your help 🙂

          regards Dennis

          0

  5. Mauro 6 months ago

    I use:
    invoke-command -computername -scriptblock { qwinsta }
    or:
    qwinsta /server:

    4+

Leave a reply

Your email address will not be published. Required fields are marked *

*

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2017

Log in with your credentials

or    

Forgot your details?

Create Account