[This month’s SAPIEN newsletter offered this one liner I thought I’d share with the rest of you].
The following one line PowerShell expression should show you who is logged on to a specific server and desktop and for how long. Most logon sessions use a single instance of Explorer.exe, although it is possible for a user to manually start additional instances of Explorer.exe.
Get-WmiObject win32_process -filter "name='explorer.exe'" -computer "SERVER01" |
select @{name="Computer";Expression={$_.CSNAME}},@{Name="Owner";Expression={
"{0}\{1}" -f $_.getOwner().Domain,$_.getOwner().User}},
@{name="Started";Expression={$_.ConvertToDateTime($_.creationdate)}},
@{name="Duration";Expression={
$started=$_.ConvertToDateTime($_.creationdate)
$now=Get-Date
($now-$started).toString()}},
@{name="KernelModeTime(s)";Expression={$_.KernelModeTime/10000000}},
@{name="UserModeTime(s)";Expression={$_.UserModeTime/10000000}}
This should give you output like this:
Computer : SERVER01
Owner : MyCompany\Jeff
Started : 10/20/2008 9:01:38 AM
Duration : 1.05:47:58.8702700
KernelModeTime(s) : 123.8179937
UserModeTime(s) : 51.9795332
The KernelMode and UserMode times are in seconds. Because this is an object, you can pipe it to other cmdlets to sort, filter, export or convert. If you have comments or questions about this or anything else PowerShell, please visit the forums at ScriptingAnswers.com.
Download this code.
Hello,
When running the script I receive the following result:
PS C:\Users\Me> Get-WmiObject win32_process -filter “name=’explorer.exe'” -computer “NL-PC” | select @{nam
e=”Computer”;Expression={$_.CSNAME}},@{Name=”Owner”;Expression={ “{0}\{1}” -f $_.getOwner().Domain,$_.getOwner().User}},
@{name=”Started”;Expression={$_.ConvertToDateTime($_.creationdate)}},@{name=”Duration”;Expression={ $started=$_.ConvertT
oDateTime($_.creationdate); $now=Get-Date($now-$started).toString()}},@{name=”KernelModeTime(s)”;Expression={$_.KernelMo
deTime/10000000}},@{name=”UserModeTime(s)”;Expression={$_.UserModeTime/10000000}}
Select-Object : The operation ‘[$null] – [System.DateTime]’ is not defined.
At line:1 char:90
+ Get-WmiObject win32_process -filter “name=’explorer.exe'” -computer “NL-PC” | select <<<< @{name=”Computer”;Exp
ression={$_.CSNAME}},@{Name=”Owner”;Expression={ “{0}\{1}” -f $_.getOwner().Domain,$_.getOwner().User}},@{name=”Started
“;Expression={$_.ConvertToDateTime($_.creationdate)}},@{name=”Duration”;Expression={ $started=$_.ConvertToDateTime($_.c
reationdate); $now=Get-Date($now-$started).toString()}},@{name=”KernelModeTime(s)”;Expression={$_.KernelModeTime/100000
00}},@{name=”UserModeTime(s)”;Expression={$_.UserModeTime/10000000}}
+ CategoryInfo : InvalidResult: (\\NL-PC\ro…s.Handle=”3604″:PSObject) [Select-Object], RuntimeExce
ption
+ FullyQualifiedErrorId : PropertyEvaluationNoExpand,Microsoft.PowerShell.Commands.SelectObjectCommand
Computer : NL-PC
Owner : NL\Me
Started : 4-11-2008 9:18:50
Duration :
KernelModeTime(s) : 3,9624254
UserModeTime(s) : 5,1948333
Can I suggest replacing the hard-coded explorer.exe process name for the value found in the WinLogon\Shell registry key or associated value in the domain account settings.
This would make the results more accurate for profiles configured to run something other than Explorer on login.
Jason, by all means modify the code as you need. I understand your point but I wanted to keep it as simple as possible.
Bas, it looks like you aren’t getting a connection to the server so the rest of the code is erroring out. If you can, would you please post something in the PowerShell forum at ScriptingAnswers.com? It will be much easier for me to help you in that setting than going back and forth with blog comments.
Hello Jeffery,
The connection is to the local machine. It was to test if that was working.But I cannot even reconstruct that error…
But I found that before “$now=Get-Date” an Expression Error is found. And placed an ; there and tried putting an , there. this both solved the “Unexpected token ‘now’ in expression or statement.” but doesn’t let me run the script. I posted in the forum : http://www.scriptinganswers.com/forum2/forum_posts.asp?TID=2376
regards,
Bas Steelooper