Author Posts

April 18, 2017 at 10:02 pm

I'd like to have an email notification on user logon to certain machines. It's a domain environment so username would be a nice to have in the email. I can create a logon triggered scheduled task to run a script but not sure how to get the script to figure out what user logged on since $env:username would give me the user account that runs the task.

April 19, 2017 at 1:22 pm

Seems like getting the right event with Get-WinEvent and turning it to XML then looking for logon type 10 and process System32 got me the account name so I could insert it into email body.

April 21, 2017 at 1:07 pm

Hi JC,
You could also try to get currently logged in users from WMI Win32_ComputerSystem class.

(Get-CimInstance -class Win32_ComputerSystem).username
#If user is logged in, it will return string DOMAIN\username

April 21, 2017 at 3:57 pm

Thanks Aleksandras. That's a good idea too although I'm more interested in the user that just logged in rather than all users logged in.

April 21, 2017 at 5:15 pm

Tried to do "Switch account" and then get username from Win32_ComputerSystem. Looks like it return only one currently logged in user. Info from MSDN:

Data type: string
Access type: Read-only
Qualifiers: MappingStrings ("Win32API|System Information Functions|GetUserName")
Name of a user that is logged on currently. This property must have a value. In a terminal services session, UserName returns the name of the user that is logged on to the console—not the user logged on during the terminal service session.

April 21, 2017 at 7:26 pm

This works on my home PC but not on my office Server 2012R2 domain member. Doesn't return anything.

April 22, 2017 at 6:24 am

I would also choose the eventlog path.. Since your only interested in "some" clients, I would setup Windows Event Forwarding Service and create a policy for the clients in question.. then you can run the script from a centralized location..

April 24, 2017 at 8:17 am

It returns null if you're logged in via RDP.

April 26, 2017 at 8:11 am

This would explain it đŸ™‚ Many thanks