Close process which isn't invoked by Current Logged-in user

Abhishek_Paul
Posts: 24
Joined: Thu Apr 27, 2017 7:51 am

Close process which isn't invoked by Current Logged-in user

Post by Abhishek_Paul »

I have a computer where multiple users switch user accounts and open different browser tabs.
I want to select all chrome.exe processes which are not invoked by the currently logged-in user and kill them.

Basically, I want to clean cached user login details for all other users from Chrome without closing the currently logged-in user's browser.
I need to do all this using PS-remoting.
Till now, this is what I have done:

Code: Select all

Get-WmiObject -Class Win32_Process -Filter 'Name = "chrome.exe"' | ForEach-Object { $_.GetOwnerSID().SID }

This gives all the SIDs of the chrome.exe processes running on the local machine. However, this doesn't work on PS-remoting :cry:

Second, I need to get the SID of the currently logged-in user:

Code: Select all

 
# Collect the SID and hive path of every domain/local user profile on the machine
$UserProfiles = @(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*" |
    Where-Object { $_.PSChildName -match "S-1-5-21-(\d+-?){4}$" } |
    Select-Object @{ Name = "SID"; Expression = { $_.PSChildName } },
                  @{ Name = "UserHive"; Expression = { "$($_.ProfileImagePath)\NTuser.dat" } })

# Add in the .DEFAULT User Profile
$DefaultProfile = "" | Select-Object SID, UserHive
$DefaultProfile.SID = ".DEFAULT"
$DefaultProfile.UserHive = "C:\Users\Public\NTuser.dat"
$UserProfiles += $DefaultProfile

# Loop through each profile on the machine
foreach ($UserProfile in $UserProfiles)
{
    # Print the SID of every profile whose hive is currently loaded under HKEY_USERS
    if (($ProfileWasLoaded = Test-Path "Registry::HKEY_USERS\$($UserProfile.SID)"))
    {
        Write-Host "$($UserProfile.SID)" -ForegroundColor Yellow
    }
}
 
With my testing, I found that sometimes it gives two results. That means if the user is disconnected or switched then it's not solving my purpose.

So, I need to find a way to get the currently logged-in user's details & close each chrome.exe process associated with it. All this has to be done using PowerShell V2 & PS-remoting.
Any other method or help is really appreciated.

jvierra
Posts: 14543
Joined: Tue May 22, 2007 9:57 am

Re: Close process which isn't invoked by Current Logged-in user

Post by jvierra »

You don't need to use remoting.

Code: Select all

# GetOwner() returns an object with User and Domain properties; compare the User name
$chrome = Get-WmiObject -Class Win32_Process -Filter 'Name = "chrome.exe"' -ComputerName RemotePC |
	Where-Object { $_.GetOwner().User -ne 'jsmith' }

jvierra
Posts: 14543
Joined: Tue May 22, 2007 9:57 am

Re: Close process which isn't invoked by Current Logged-in user

Post by jvierra »

To get the currently logged on user:

Code: Select all

Get-WmiObject win32_computersystem -ComputerName RemotePC| 
	Select-Object username

Abhishek_Paul
Posts: 24
Joined: Thu Apr 27, 2017 7:51 am

Re: Close process which isn't invoked by Current Logged-in user

Post by Abhishek_Paul »

I got nothing as output:

Code: Select all

Get-WmiObject win32_computersystem -ComputerName RemotePC| 
	Select-Object username

OUTPUT:

Code: Select all

UserName
--------

I also ran the code locally, but got the same result.

Code: Select all

Get-WmiObject win32_computersystem | Select-Object username

However, when I checked the members, I found that UserName exists as one of the members:

Code: Select all

Get-WmiObject win32_computersystem | Get-Member

Output:

Code: Select all

UserName                    Property     System.String UserName {get;set;}

jvierra
Posts: 14543
Joined: Tue May 22, 2007 9:57 am

Re: Close process which isn't invoked by Current Logged-in user

Post by jvierra »

If the user is logged in with remote desktop then you cannot tell who is logged in. You can use "qwinsta" to detect remote users and if they are connected.

Abhishek_Paul
Posts: 24
Joined: Thu Apr 27, 2017 7:51 am

Re: Close process which isn't invoked by Current Logged-in user

Post by Abhishek_Paul »

Hi Jvierra,
Thanks for the tip about "qwinsta".

Code: Select all

qwinsta /SERVER:localhost

This is acting like a charm on the local computer. However, when I try to run it on a remote computer I get an access denied ERROR.
From this ERROR, I understand that there is an access issue. So, I used cmdkey.exe to add the domain credential to my local computer.

Code: Select all

cmdkey /add:targetname /user:username /pass:password

After this, I am able to access the Admin share on the remote computer without any authentication. However, "qwinsta" doesn't work as well.
I also tried to run the command in PS-Remoting, but got ERROR: "The term 'qwinsta.exe /SERVER:localhost' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. "
I also tried the path: C:\Windows\System32\qwinsta.exe , but got the same error.
Please note I am using Powershell V2 on the remote computer.

jvierra
Posts: 14543
Joined: Tue May 22, 2007 9:57 am

Re: Close process which isn't invoked by Current Logged-in user

Post by jvierra »

Computer OSs that are out-of-support such as XP do not have this utility.

Abhishek_Paul
Posts: 24
Joined: Thu Apr 27, 2017 7:51 am

Re: Close process which isn't invoked by Current Logged-in user

Post by Abhishek_Paul »

All the computers are Win7 systems.

jvierra
Posts: 14543
Joined: Tue May 22, 2007 9:57 am

Re: Close process which isn't invoked by Current Logged-in user

Post by jvierra »

I just tested against a couple of remote Win 7 systems and qwinsta works as expected.
Don't use localhost.

qwinsta

Code: Select all

[ws702]: PS C:\Users\TestAdmin\Documents> qwinsta
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
>services                                    0  Disc
 console                                     6  Conn
 rdp-tcp                                 65536  Listen

Abhishek_Paul
Posts: 24
Joined: Thu Apr 27, 2017 7:51 am

Re: Close process which isn't invoked by Current Logged-in user

Post by Abhishek_Paul »

Hi Jvierra,
Thanks for your quick response. Once I rebooted the computer I am getting the result as well.
However, with PowerShell I am trying to get a list of usernames which are active. I am using the below code. This works fine on the local computer but not on PS-remoting.

Code: Select all

qwinsta | foreach { (($_.trim() -replace "\s+",",")) } | ConvertFrom-Csv

This works fine locally but not in PS-remoting.

On PS-remoting, if I run qwinsta I get the desired result, but if I run the above piece of code, then it complains about ConvertFrom-Csv.
ERROR: ConvertFrom-Csv : Cannot process argument because the value of argument "name" is invalid. Change the value of the "name" argument and run the operation again
To fix this, I added the -Header parameter.

Code: Select all

& qwinsta.exe | foreach { (($_.trim() -replace "\s+",",")) } | ConvertFrom-Csv -Header "SessionName","Username","ID","State","type","Device"

But this also didn't fix the issue. We are very close. Please suggest.
Last edited by Abhishek_Paul on Tue Aug 22, 2017 8:49 am, edited 1 time in total.
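
Added example, not part of any post in this thread: qwinsta prints fixed-width columns, and rows with a blank SESSIONNAME or USERNAME lose their column position when runs of whitespace are turned into commas, so this sketch reads fields by the offsets of the header row instead and then selects chrome.exe processes owned by anyone other than the active user. The function names and the sample rows are constructed for illustration; it assumes English column headers and uses only PowerShell 2.0 syntax.

```powershell
# Added example, PowerShell 2.0 compatible. Function names are hypothetical.
function ConvertFrom-QwinstaText {
    param([string[]]$Lines)
    $Lines = @($Lines | Where-Object { $_ -and $_.Trim() })
    if ($Lines.Count -eq 0) { return }
    # Column offsets come from the header row (English column names assumed).
    $userStart  = $Lines[0].IndexOf('USERNAME')
    $stateStart = $Lines[0].IndexOf('STATE')
    if ($userStart -lt 0 -or $stateStart -lt 0) { throw 'Unrecognized qwinsta header.' }
    for ($i = 1; $i -lt $Lines.Count; $i++) {
        $row = $Lines[$i].PadRight($stateStart + 1)
        # USERNAME (left-aligned) and ID (right-aligned) share this span.
        $middle = $row.Substring($userStart, $stateStart - $userStart)
        if ($middle -notmatch '^(.*?)\s*(\d+)\s*$') { continue }
        New-Object PSObject -Property @{
            Current     = ($row[0] -eq '>')   # '>' marks the caller's own session
            SessionName = $row.Substring(1, $userStart - 1).Trim()
            UserName    = $Matches[1].Trim()
            Id          = [int]$Matches[2]
            State       = ($row.Substring($stateStart).Trim() -split '\s+')[0]
        }
    }
}

function Get-OtherUsersProcess {
    param([string]$KeepUser, [string]$ComputerName = '.', [string]$Name = 'chrome.exe')
    Get-WmiObject -Class Win32_Process -Filter "Name = '$Name'" -ComputerName $ComputerName |
        Where-Object {
            $owner = $_.GetOwner()
            # Skip processes whose owner cannot be read instead of treating them as "other".
            $owner.ReturnValue -eq 0 -and $owner.User -and $owner.User -ne $KeepUser
        }
}

# Constructed sample in the layout qwinsta prints; real input: qwinsta /server:RemotePC
$sample = @(
    ' SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE',
    ' services                                    0  Disc',
    '                   alice                     1  Disc',
    '>console           bob                       2  Active',
    ' rdp-tcp                                 65536  Listen'
)
$active = ConvertFrom-QwinstaText -Lines $sample | Where-Object { $_.State -eq 'Active' }
$active | Select-Object SessionName, UserName, Id, State
# With exactly one active session, list the other users' chrome.exe processes:
# Get-OtherUsersProcess -KeepUser $active.UserName -ComputerName RemotePC
```

Review the objects returned by Get-OtherUsersProcess before piping them to `ForEach-Object { $_.Terminate() }`, and stop if `$active` holds zero or more than one session.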
