We are using IO.FileSystemWatcher watcher for test purposes on our QA machine running W2012R2.
– The PS script runs as schedule task every time a new user do a login in the machine.
The Powershell script SystemFileMonitor works well, with exception that is not capturing the Username who made the change, instead is always capturing the Username that is running the Schedule Task.
Any ideas? I even tried capture a service owner, but still same issue.
Here is the Code:
Always we get the Log DUMP like below (Username that is running schedule task on the server):
THANK YOU for any ideas.
$userLogged = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Is always going to return the context of the user who ran the script – meaning, however the Scheduled Task is configured. There's no way to change that – Windows can have processes running from dozens of users, and they're all essentially walled off from each other. You could perhaps query something like Win32_UserSession (I think, maybe Win32_Session?) and look for Interactive session types. Those should represent physically logged-on users of the machine.
Thank you Don. I'll check on this.
You must be logged in to reply to this topic.