Powershell? Capturing session information.

RedTen

RedTen

RedTen

Associate
Joined
23 Jun 2007
Posts
552
Location
South East
I'm looking for a script or utility that can be used to essentially capture what is displayed via the task manager.

In an ideal world it would include username, logon time, open applications/running processes, memory status etc.

Is this something that could be achieved with a powershell script or could any of you suggest a utility that would offer something similar?

The goal is to provide consistent information when service desk agents are logging calls. Any suggestions welcome!

TIA
 
So you want a snapshot of everything running on a machine at the moment the script is run? If so it's fairly straightforward.

Code: 
$ComputerName = $args[0]

"Processes:"
Get-Process -ComputerName $ComputerName | Format-Table -AutoSize
""
"Services:"
Get-Service -ComputerName $ComputerName | Format-Table -AutoSize

Above is really basic, but might get you going down the right path. Will list running processes and services.

Are you familiar with powershell at all? Great introduction to it here:
http://www.powershellpro.com/powershell-tutorial-introduction/tutorial-windows-powershell-console/
 
Washout said:
So you want a snapshot of everything running on a machine at the moment the script is run? If so it's fairly straightforward.

Code: 
$ComputerName = $args[0]

"Processes:"
Get-Process -ComputerName $ComputerName | Format-Table -AutoSize
""
"Services:"
Get-Service -ComputerName $ComputerName | Format-Table -AutoSize

Above is really basic, but might get you going down the right path. Will list running processes and services.

Are you familiar with powershell at all? Great introduction to it here:
http://www.powershellpro.com/powershell-tutorial-introduction/tutorial-windows-powershell-console/
Click to expand...

Thanks for the suggestions there.

The issue I have is I won't always know the computer name and the end user will working in a Citrix environment so I need 'session' rather than machine.

I'll continue to read!
 
Could start by using this script:
https://gallery.technet.microsoft.com/scriptcenter/d46b1f3b-36a4-4a56-951b-e37815a2df0c

You pass it a list of computers and it will come back with who is logged into each.
I'd probably have a look how they've done it, and re-write so more tailored for yourself and you get a better understanding at same time.
You could just call that script and assign it to a variable, then check for the username of the user you're looking for. That should get a hostname.

Now you know where they are you can use the script from earlier. Had a look and Get-Process doesn't seem to give you the owner of the process. What some clever chap out there did was to combine it with a wmi win32_process call to get the desired results.

$owners = @{}
gwmi win32_process |% {$owners[$_.handle] = $_.getowner().user}

get-process | select processname,Id,@{l="Owner";e={$owners[$_.id.tostring()]}}

None of this is mine btw! I'll try to do a script later that'll combine these two together...
 
Had a go and think this may work:
Code: 
$TargetUser = "username"

. ".\Get-LoggedOnUser.ps1"

$LoggedInUsers = Get-LoggedOnUser -ComputerName computer1, computer2

""
"All logged in users:"
$LoggedInUsers

""
"Machines user '" + $TargetUser + "' is logged into:"
$TargetComputer = $LoggedInUsers | Where {$_.LoggedOn -Eq $TargetUser}
$TargetComputer

If ($TargetComputer.Count -Gt 1)
{
    ""
    "Warning: '" + $TargetUser + "' is logged into more than one machine!"
}
Else
{
    ""
    "Processes running on '" + $TargetComputer.Computer + "':"
    $Owners = @{}
    Get-WmiObject Win32_Process -ComputerName $TargetComputer.Computer | % {$Owners[$_.Handle] = $_.GetOwner().User}
    $Processes = Get-Process -ComputerName $TargetComputer.Computer | Select ProcessName, Id, VM, WS, PM, NPM, @{l="Owner";e={$Owners[$_.Id.ToString()]}}
    $Processes #| Where {$_.Owner -Eq $TargetUser} | Format-Table -AutoSize
}

So basically you feed it a list of hosts they could be on. It will check each of these for who is logged in (assuming the account running the check has access).
Once it has a list it will compare and find the machine(s) the target user is on.
If they are on more than one it'll bail and let you know. Could change it to scan all machines they are on if you wanted though...

It then using the bit of code I found (https://social.technet.microsoft.co...ac7-bcaf-738315a70863/getprocess-and-username) scans the target machine for all processes.

I've commented out a little bit that will only show processes running for your target user as you may want to see who else is on the host and what they're doing...
 
You must log in or register to reply here.
Back
Top Bottom