Finding out who’s logging on a computer sometimes very useful to a sysadmin, and doing it in PowerShell seems to be even cooler if no other tools involved.
Normally, you can just fire up Get-WmiObject with calling Win32_ComputerSystem class to get the info. Here is how to get the login on a local computer.
Get-WmiObject -class Win32_ComputerSystem | Format-List Username
(Get-WmiObject -class Win32_ComputerSystem).Username
But pulling info on a local computer doesn’t make much sense. It’s doing the same on a remote computer I am aiming for. Since Get-WmiObject has -computername switch that we can use to call up WmiObject on a remote computer, sticking -computername with a remote computer name should be working flawlessly.
Get-WmiObject -class Win32_ComputerSystem -computername Name | Format-List Username
Well, if this works on your computer, great, that’s all you need to use to check who’s logging on a remote system. But in my case, it doesn’t work. The result came up blank with nothing showing. And it’s not that no one was logging in at the moment.
A quick Google shows it’s quite common happening like this. And there is no solution to fix it for some reason. So what I ended up doing is to take a different route that checks if there are any Explorer processes loaded on the remote computer. If so, then get the owner of each Explorer process and display them. The nice thing about this approach is that I can even get the full list of users who log on a terminal server which often has more than one user logged on. Thanks to this guy. You can download the code from the following download link but you will have to go to here to see the source code and how it works.
You will need to use the same switch -computername to specify a remote computer to check on.
It’s worth point out that since the script is not signed, you will change your PowerShell Execution policy to be able to run the script. And you will need to open PowerShell console as Administrator to change the policy