PowerShell

[Faiz Qureshi]

Hello experts ,

I am looking for a PowerShell script which lets me get user information from all connected servers across the network. Please let me know if there is any such script which I can use or may be tweak a little bit.

We need a simple report that contains information like this:

User ID, Session_ID , Local Client_Host_ID, Remote Server_ID_Connected to, brief_descp_Activity performed

Regards,
Faiz

 

• This topic was modified 4 months, 2 weeks ago by Michael Pietroforte.

[Michael Pietroforte]

How about this one. You computer only has to be an Active Directory domain member.

[David Figueroa]

It’s not overly tough, but you need to do a little text parsing, and the idea of a brief description of the activity is far too vague..

Unfortunately, I don’t have a lot of time to dig in and get the correct regex (I’ve got it stored on my work computer).. you’ll combine the output of quser/qwinsta and qprocess.

$ComputerList = 'server1','server2'
foreach ($Computer in $ComputerList) {
	qwinsta /server:$Computer | foreach-object {
		$_ -match '[ >](?\w+)\s+(?\w+)\s+(?\d+)\s+?(?\w+)'
		$ResultHash = @{
		UserName   = $matches.username
		SessionID  = $matches.SessionID
		ServerName = $Computer
	}
	$ProcessList = qprocess /id:$ResultHash['SessionID'] /server:$Computer | foreach-object {
		$_ -match '[ >](<!--?UserName >\w+)\s+(<?SessionName>\w+)\s+(<?SessionID>\d+)\s+(<?PID>\d+)\s+(<?ProcessName>\w+)'<br ?->
		$ResultHash['ProcessList'] = $Matches.ProcessName -join ','
	}
	$ResultHash | Select-object -property UserName,SessionID,ServerName,ProcessList
}

Sorry..the code block here blew off the indentation. But that should get you started… the clientname is much harder to get without WMI, and even that’s not simple..

David F.

[Michael Pietroforte]

To post code with indentation, you have to use the text editor instead of the visual editor. I added the indentation.

[David Figueroa]

Thank you 🙂 I did use the text editor, but obviously I did something wrong.. thank you again.

 

David F.

[Michael Pietroforte]

There is something in your code that confuses the regex security filters of the forum software. So I guess you did it right.

[Faiz Qureshi]

Thank you all for the useful suggestions, I am new to Powershell.

Tried running code suggested by David but I am getting errors for the Regex as shown below, any suggestions

 

parsing “[ >](?\w+)\s+(?\w+)\s+(?\d+)\s+?(?\w+)” – Unrecognized grouping construct.
At line:4 char:9
+ $_ -match ‘[ >](?\w+)\s+(?\w+)\s+(?\d+)\s+?(?\w+)’
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException

qprocess : Invalid parameter(s)
At line:10 char:20
+ … ocessList = qprocess /id:$ResultHash[‘SessionID’] /server:$Computer | …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Invalid parameter(s):String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

[David Figueroa]

I fully expected it would need tweaking.. the main thing was to show the idea I had on how to put together that information.

The stuff you show in your example is obviously different than what I had, even though I can’t be 100% sure what I had was right (I was doing it on the fly, and I’m not a RegEx expert).  The idea is to take the output from the two commands (qwinsta, quser), parse it, and assemble a hash table of the results, and use that to run the 3rd command (qprocess) to get the activity.

David F.

[Author]

Posts