Get current logged on user (console or RDP) while running under alt credentials

This topic contains 2 replies, has 2 voices, and was last updated by Chris LaRue 4 months, 3 weeks ago.

Viewing 3 posts - 1 through 3 (of 3 total)
    #38642
    Chris LaRue
    Participant

    I have a script that is running under alternate credentials and needs to get the username of the currently logged-in user.

    My current solution only works for console users:

    Get-WMIObject -class Win32_ComputerSystem -Property username | select username

    I need a solution that will work for RDP as well.

    Unfortunately most of the simple solutions like [Environment]::username will only report the alternate credential running the script and not the true logged in username. The Get-WMIObject method works great except for remote desktop scenarios like RDP to a virtual machine.

    I have tried methods like "query user", however this reports all the logged-on users and I only want the exact current user. In the case of RDP you might have several active sessions, and that doesn't work. I need just the current user who triggered the process.

    My full script looks like this:

    Import-Module ActiveDirectory

    # Return the memberOf entries of the user at $DN that match $group
    # (a non-empty result means the user is a member)
    function Get-GroupMembership($DN, $group) {
        $objEntry = [adsi]("LDAP://" + $DN)
        $objEntry.memberOf | Where-Object { $_ -match $group }
    }

    # Console session only: returns DOMAIN\user, or nothing for RDP sessions
    $nUser = Get-WMIObject -Class Win32_ComputerSystem -Property username | Select-Object username
    $cUser = $nUser.username -split 'domain\\'
    $pUser = Get-ADUser -Identity $cUser[1] | Select-Object Name, DistinguishedName
    #$pUser.DistinguishedName
    #$aUser = $pUser.name -replace ",","\,"
    $aUser = $pUser.DistinguishedName
    $bUser = $pUser.Name
    If (Get-GroupMembership "$aUser" "IMO Collection")
    {
        $imo = $True
        "[IMO] $bUser"
        "$bUser [IMO]" | clip
    }
    Else
    {
        $imo = $False
        "$bUser"
        "$bUser" | clip
    }


    The basic purpose is to display the currently logged-in user name in an HTA application and identify whether the user is part of a special Active Directory security group. If they are a member of the AD group, additional features are enabled in the HTA for them. The HTA calls this script during the body onload() process. The user triggers this HTA via the SCCM 2012 Software Center (which is why the HTA runs under system credentials).

    #38643
    Matt Bloomfield
    Participant

    Is only one user running the process and do you know the process name? You could try the getOwner() method of Win32_Process.

    (Get-WmiObject Win32_Process -Filter "Name='notepad.exe'").getOwner() | Select User
    
    #38644
    Chris LaRue
    Participant

    Interesting idea using getOwner().

    (Get-WmiObject Win32_Process -Filter "Name='notepad.exe'").getOwner() | Select User

    Unfortunately mshta.exe shows "system" as the user, so that won't work.

    The SCClient.exe (SCCM Software Center) does show the correct user. Unfortunately, if more than one person has the Software Center open it will report all their usernames. Granted, the chances of more than one user having the Software Center open at the same time are minimal, but it's still not a 100% reliable scenario.

    A possible solution would be to count the number of users getOwner() returns; if more than one, then return a different value (one that blocks the enhanced features to defeat scope creep).

    Possible example:

    # @() forces an array so .Count is reliable even when a single owner is returned
    $test = @((Get-WmiObject Win32_Process -Filter "Name='scclient.exe'").getOwner() | Select-Object User)
    If ($test.Count -gt 1)
    {
         "More than one user found"
    }
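
    An added example, not code from either poster, that turns the owner-count idea above into a fail-closed check: it resolves the owners of scclient.exe and returns a usable user name only when exactly one distinct owner is found, so the enhanced HTA features stay disabled when the process is not running, the owner cannot be resolved, or several users (for example over RDP) have it open. The function name, parameter name and output fields are this example's own.

```powershell
# Added example (not from the thread): resolve the owner of a named process
# and fail closed when the answer is ambiguous (none or several owners).
# 'scclient.exe' comes from the thread; the function and its output
# shape are this example's own.
function Get-UniqueProcessOwner {
    param([Parameter(Mandatory)] [string] $ProcessName)

    # One Win32_Process instance per running copy; @() keeps this an array
    # even when a single instance (or nothing) is returned.
    $procs = @(Get-WmiObject -Class Win32_Process -Filter "Name='$ProcessName'")
    if ($procs.Count -eq 0) {
        return [pscustomobject]@{ Status = 'NotRunning'; User = $null; Owners = @() }
    }

    $owners = foreach ($p in $procs) {
        $o = $p.GetOwner()
        # ReturnValue 0 means the owner was resolved; anything else (for
        # example a protected process) is skipped rather than trusted.
        if ($o.ReturnValue -eq 0 -and $o.User) { "$($o.Domain)\$($o.User)" }
    }
    $owners = @($owners | Where-Object { $_ } | Sort-Object -Unique)

    switch ($owners.Count) {
        0       { $status = 'Unresolved' }
        1       { $status = 'OK' }
        default { $status = 'Ambiguous' }   # e.g. several RDP users have it open
    }
    $user = if ($status -eq 'OK') { $owners[0] } else { $null }
    [pscustomobject]@{ Status = $status; User = $user; Owners = $owners }
}

# Only enable the enhanced HTA features when exactly one owner is found.
$result = Get-UniqueProcessOwner -ProcessName 'scclient.exe'
if ($result.Status -eq 'OK') {
    "Current user: $($result.User)"
} else {
    "No single logged-on user ($($result.Status)); enhanced features disabled."
}
```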
