Here is a quick tip that shows how to use PowerShell Cmdlet Get-WmiObject to check whether someone is accessing your shared network resources via the network.
To get started, open PowerShell as Administrator window first. You will need the Administrator’s privileges to be able to perform the task. Then, try to run the following cmdlet and see what results are.
Get-WmiObject -Class Win32_ServerConnection
If you are running this on a workstation, you probably will get no result, which also means good because no one is accessing your computer at the moment. But if you are running this on a machine that acts as a file server with a few shared folders setup, you will see a lot of entries showing.
You can also perform the same cmdlet to a remote computer as well, add the -ComputerName parameter to see who is accessing the shared resources on that remote machine. And obviously, it requires you have the administrator privilege on the target machine.
Get-WmiObject -Class Win32_ServerConnection -ComputerName remotecomputer
To get a better output layout, pipe through the result to Select-Object cmdlet, such as
Get-WmiObject -Class Win32_ServerConnection -ComputerName remotecomputer | Select-Object -Property ComputerName, Username, ShareName, NumberofFiles
You can also sort the result to see who is accessing the files the most using Sort-Object cmdlet.
Get-WmiObject -Class Win32_ServerConnection -ComputerName remotecomputer | Select-Object -Property ComputerName, Username, ShareName, NumberofFiles | Sort-Object NumberOfFiles -Descending
Or, only show the computers who are accessing more than 5 files at the moment, using Where-Object.
Get-WmiObject -Class Win32_ServerConnection -ComputerName remotecomputer | Select-Object -Property ComputerName, Username, ShareName, NumberofFiles | Where-Object {$_.NumberOfFiles -GT 5} | Sort-Object NumberOfFiles -Descending