SAPIEN Resources

 

«
»

November PowerShell One-liner

[This month's SAPIEN newsletter offered this one liner I thought I'd share with the rest of you].

The following one line PowerShell expression should show you who is logged on to a specific server and desktop and for how long. Most logon sessions use a single instance of Explorer.exe, although it is possible for a user to manually start additional instances of Explorer.exe.

Get-WmiObject win32_process -filter "name='explorer.exe'" -computer "SERVER01"  |
select @{name="Computer";Expression={$_.CSNAME}},@{Name="Owner";Expression={
"{0}\{1}" -f $_.getOwner().Domain,$_.getOwner().User}},
@{name="Started";Expression={$_.ConvertToDateTime($_.creationdate)}},
@{name="Duration";Expression={
$started=$_.ConvertToDateTime($_.creationdate)
$now=Get-Date
($now-$started).toString()}},
@{name="KernelModeTime(s)";Expression={$_.KernelModeTime/10000000}},
@{name="UserModeTime(s)";Expression={$_.UserModeTime/10000000}}

This should give you output like this:

Computer          : SERVER01
Owner             : MyCompany\Jeff
Started           : 10/20/2008 9:01:38 AM
Duration          : 1.05:47:58.8702700
KernelModeTime(s) : 123.8179937
UserModeTime(s)   : 51.9795332


The KernelMode and UserMode times are in seconds. Because this is an object, you can pipe it to other cmdlets to sort, filter, export or convert. If you have comments or questions about this or anything else PowerShell, please visit the forums at ScriptingAnswers.com.

Download this code.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

Technorati Tags: , , ,

Tags: , , ,

This entry was posted on Monday, November 3rd, 2008 at 5:00 pm and is filed under Windows PowerShell. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

5 Responses to “November PowerShell One-liner”

  1. Bas Steelooper Says:
    November 4th, 2008 at 12:36 am

    Hello,

    When running the script I receive the following result:

    PS C:\Users\Me> Get-WmiObject win32_process -filter “name=’explorer.exe’” -computer “NL-PC” | select @{nam
    e=”Computer”;Expression={$_.CSNAME}},@{Name=”Owner”;Expression={ “{0}\{1}” -f $_.getOwner().Domain,$_.getOwner().User}},
    @{name=”Started”;Expression={$_.ConvertToDateTime($_.creationdate)}},@{name=”Duration”;Expression={ $started=$_.ConvertT
    oDateTime($_.creationdate); $now=Get-Date($now-$started).toString()}},@{name=”KernelModeTime(s)”;Expression={$_.KernelMo
    deTime/10000000}},@{name=”UserModeTime(s)”;Expression={$_.UserModeTime/10000000}}
    Select-Object : The operation ‘[$null] – [System.DateTime]‘ is not defined.
    At line:1 char:90
    + Get-WmiObject win32_process -filter “name=’explorer.exe’” -computer “NL-PC” | select <<<< @{name=”Computer”;Exp
    ression={$_.CSNAME}},@{Name=”Owner”;Expression={ “{0}\{1}” -f $_.getOwner().Domain,$_.getOwner().User}},@{name=”Started
    “;Expression={$_.ConvertToDateTime($_.creationdate)}},@{name=”Duration”;Expression={ $started=$_.ConvertToDateTime($_.c
    reationdate); $now=Get-Date($now-$started).toString()}},@{name=”KernelModeTime(s)”;Expression={$_.KernelModeTime/100000
    00}},@{name=”UserModeTime(s)”;Expression={$_.UserModeTime/10000000}}
    + CategoryInfo : InvalidResult: (\\NL-PC\ro…s.Handle=”3604″:PSObject) [Select-Object], RuntimeExce
    ption
    + FullyQualifiedErrorId : PropertyEvaluationNoExpand,Microsoft.PowerShell.Commands.SelectObjectCommand

    Computer : NL-PC
    Owner : NL\Me
    Started : 4-11-2008 9:18:50
    Duration :
    KernelModeTime(s) : 3,9624254
    UserModeTime(s) : 5,1948333

  2. Jason Stangroome Says:
    November 4th, 2008 at 3:43 am

    Can I suggest replacing the hard-coded explorer.exe process name for the value found in the WinLogon\Shell registry key or associated value in the domain account settings.

    This would make the results more accurate for profiles configured to run something other than Explorer on login.

  3. Jeffery Hicks Says:
    November 4th, 2008 at 4:07 am

    Jason, by all means modify the code as you need. I understand your point but I wanted to keep it as simple as possible.

  4. Jeffery Hicks Says:
    November 4th, 2008 at 4:09 am

    Bas, it looks like you aren’t getting a connection to the server so the rest of the code is erroring out. If you can, would you please post something in the PowerShell forum at ScriptingAnswers.com? It will be much easier for me to help you in that setting than going back and forth with blog comments.

  5. Bas Steelooper Says:
    November 5th, 2008 at 4:11 am

    Hello Jeffery,

    The connection is to the local machine. It was to test if that was working.But I cannot even reconstruct that error…

    But I found that before “$now=Get-Date” an Expression Error is found. And placed an ; there and tried putting an , there. this both solved the “Unexpected token ‘now’ in expression or statement.” but doesn’t let me run the script. I posted in the forum : http://www.scriptinganswers.com/forum2/forum_posts.asp?TID=2376

    regards,

    Bas Steelooper


Entries (RSS) and Comments (RSS).