Author Posts

June 11, 2017 at 3:53 am

Hi All,

I'm trying to get the currently logged in user and logon time, and I'm doing it like this:

$User = (Get-WmiObject -Class Win32_Process -ComputerName $ComputerName| Where-Object Name -Match Explorer).GetOwner().User
$Time = (Get-WmiObject -Class Win32_Process -ComputerName $ComputerName| Where-Object Name -Match Explorer).CreationDate

I know I will get yelled at for the noobiness shown in this code but I just fell in love with PowerShell and I'm writing as much code as possible, but anyway, I need a more elegant way to do it since there's a chance that more than 1 user is logged in, so, I need to match the User and Log in time.

Any enlightenment will be greatly appreciated

June 11, 2017 at 5:49 am

something like this...

$ComputerName = $env:COMPUTERNAME
$explorer = (get-wmiobject -Class win32_process -ComputerName $computername | Where-Object name -Match explorer)
foreach ( $e in $explorer){      
    
    $properties = @{computername = $ComputerName
                        user = ($e.getowner().user)
                        time = ($e.creationdate)
                        }
         
     $obj = New-Object -TypeName psobject -Property $properties
     Write-Output $obj

    }

June 11, 2017 at 5:51 am

Hey mate,

From PowerShell v4 you can add the IncludeUserName switch, so you should be able to get what you're looking for like this:

 Get-Process explorer -IncludeUserName | select UserName,StartTime 

If you need to run it remotely, you should be able to wrap it in an Invoke-Command Scriptblock.
Hope this helps.

June 11, 2017 at 7:27 am

This should work to:
Get the name and session's id from:

Get-WmiObject Win32_LoggedOnUser

The the time from:

Get-WmiObject Win32_Logonsession

June 11, 2017 at 1:13 pm

Gentlemen, I tip my hat to you.

Thank you.

June 11, 2017 at 1:28 pm

In case some other noob needs a code like this I'm posting my version below (which is Frank's code with a little modification for date formatting)

$ComputerName = $env:COMPUTERNAME

$Explorer = (Get-WmiObject -Class Win32_Process -ComputerName $ComputerName | Where-Object Name -Match Explorer)

ForEach ($User In $Explorer) {      
    
         $Properties = @{ComputerName = $ComputerName
                         User = ($User.Getowner().User)
                         Time = [System.Management.ManagementDateTimeConverter]::ToDateTime($User.CreationDate) 
                        }
         
         $OutputObj = New-Object -TypeName PSObject -Property $Properties
     
         Write-Output $OutputObj

}

Thanks again guys.

June 12, 2017 at 1:49 pm

If you want to use the CIM cmdlets which are the preferred solution try this

$ComputerName = $env:COMPUTERNAME

Get-CimInstance -ClassName Win32_Process -ComputerName $ComputerName -Filter "Name = 'explorer.exe'" | 
foreach {
   
   $lguser = Invoke-CimMethod -InputObject $psitem -MethodName GetOwner
   
   $Properties = @{
      ComputerName = $ComputerName
      User = $lguser.User
      Domain = $lguser.Domain
      Time = $User.CreationDate 
   }
         
   New-Object -TypeName PSObject -Property $Properties
}

You have to use Invoke-CimMethod to get the process owner (I've also added the domain). Getting the date is easier because the CIM cmdlets perform the date formatting

June 12, 2017 at 11:55 pm

Hi Richard,

I will try that, however, in my environment CIM doesn't seems to work.

But I appreciate the code.