Get user information from remote server with PowerShell

Viewing 3 reply threads
  • Author
    Posts
    • #1568561
      Faiz Qureshi
      Participant
      Member Points: 214
      Rank: 2

      Hello experts ,

      I am looking for a PowerShell script which lets me get user information from all connected servers across the network. Please let me know if there is any such script which I can use or may be tweak a little bit.

      We need a simple report that contains information like this:

      User ID, Session_ID , Local Client_Host_ID, Remote Server_ID_Connected to, brief_descp_Activity performed

      Regards,
      Faiz

       

    • #1568615
      Michael Pietroforte
      Keymaster
      Member Points: 38,765
      Author of the year 2018
      Rank: 4

      How about this one. You computer only has to be an Active Directory domain member.

    • #1568634
      David Figueroa
      Participant
      Member Points: 4,448
      Rank: 3

      It’s not overly tough, but you need to do a little text parsing, and the idea of a brief description of the activity is far too vague..

      Unfortunately, I don’t have a lot of time to dig in and get the correct regex (I’ve got it stored on my work computer).. you’ll combine the output of quser/qwinsta and qprocess.

      $ComputerList = 'server1','server2'
      foreach ($Computer in $ComputerList) {
      	qwinsta /server:$Computer | foreach-object {
      		$_ -match '[ >](?\w+)\s+(?\w+)\s+(?\d+)\s+?(?\w+)'
      		$ResultHash = @{
      		UserName   = $matches.username
      		SessionID  = $matches.SessionID
      		ServerName = $Computer
      	}
      	$ProcessList = qprocess /id:$ResultHash['SessionID'] /server:$Computer | foreach-object {
      		$_ -match '[ >](<!--?UserName >\w+)\s+(<?SessionName>\w+)\s+(<?SessionID>\d+)\s+(<?PID>\d+)\s+(<?ProcessName>\w+)'<br ?->
      		$ResultHash['ProcessList'] = $Matches.ProcessName -join ','
      	}
      	$ResultHash | Select-object -property UserName,SessionID,ServerName,ProcessList
      }
      

      Sorry..the code block here blew off the indentation. But that should get you started… the clientname is much harder to get without WMI, and even that’s not simple..

      David F.

      avataravatar
      • #1568635
        Michael Pietroforte
        Keymaster
        Member Points: 38,765
        Author of the year 2018
        Rank: 4

        To post code with indentation, you have to use the text editor instead of the visual editor. I added the indentation.

        • #1568657
          David Figueroa
          Participant
          Member Points: 4,448
          Rank: 3

          Thank you 🙂 I did use the text editor, but obviously I did something wrong.. thank you again.

           

          David F.

        • #1568658
          Michael Pietroforte
          Keymaster
          Member Points: 38,765
          Author of the year 2018
          Rank: 4

          There is something in your code that confuses the regex security filters of the forum software. So I guess you did it right.

      • #1568661
        Faiz Qureshi
        Participant
        Member Points: 214
        Rank: 2

        Thank you all for the useful suggestions, I am new to Powershell.

        Tried running code suggested by David but I am getting errors for the Regex as shown below, any suggestions

         

        parsing “[ >](?\w+)\s+(?\w+)\s+(?\d+)\s+?(?\w+)” – Unrecognized grouping construct.
        At line:4 char:9
        + $_ -match ‘[ >](?\w+)\s+(?\w+)\s+(?\d+)\s+?(?\w+)’
        + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : OperationStopped: (:) [], ArgumentException
        + FullyQualifiedErrorId : System.ArgumentException

        qprocess : Invalid parameter(s)
        At line:10 char:20
        + … ocessList = qprocess /id:$ResultHash[‘SessionID’] /server:$Computer | …
        + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : NotSpecified: (Invalid parameter(s):String) [], RemoteException
        + FullyQualifiedErrorId : NativeCommandError

    • #1568663
      David Figueroa
      Participant
      Member Points: 4,448
      Rank: 3

      I fully expected it would need tweaking.. the main thing was to show the idea I had on how to put together that information.

      The stuff you show in your example is obviously different than what I had, even though I can’t be 100% sure what I had was right (I was doing it on the fly, and I’m not a RegEx expert).  The idea is to take the output from the two commands (qwinsta, quser), parse it, and assemble a hash table of the results, and use that to run the 3rd command (qprocess) to get the activity.

      David F.

Viewing 3 reply threads
  • You must be logged in to reply to this topic.
© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account