Solved

Need a way to filter output from psloggedon.exe

Posted on 2013-07-02
16
982 Views
Last Modified: 2013-07-03
Hi i got a script that uses a input.txt with computernames in it, then runs a psloggedon on mutiplemachines.

'On Error Resume Next
Set objExcel = CreateObject("Excel.Application")
Set objWorkbook = objExcel.Workbooks.Open("C:\SMS_Discovery\maskiner.txt")
x = 1
Do Until objExcel.Cells(x, 1).Value = ""
    If objExcel.Cells(x, 1).Value = "" Then
        Exit Do
    End If
    strComputer = objExcel.Cells(x, 1).Value
Set WshShell = WScript.CreateObject("WScript.Shell")
errorReturn = WshShell.Run("%comspec% /c C:\SMS_Discovery\psloggedon.exe \\" & strComputer & " >>C:\SMS_Discovery\Results.csv", 0, True)
x = x + 1
Loop
objWorkbook.Close
objExcel.Quit

msgbox "script complete!"

Wscript.Quit(0)

Open in new window


Now id like to filter output into diffrent colums in a csv file,

Like :

colum 1                                                         | colum 2                          | Colum 3
Connecting to Registry of \\computername  | Users logged on locally  | error connecting

Vbs, powershell, or another tool that can do the same other then psloggedon.
Im working in a domain ofc.

Thank you in advanced .
0
Comment
Question by:firmapost
  • 7
  • 6
  • 3
16 Comments
 
LVL 68

Expert Comment

by:Qlemo
ID: 39292695
IMHO that CSV output doesn't make sense. I would expect you wanted something like:
    Computername | Username | Logon Time
and that only for users logged on locally (psloggedon -L).
0
 
LVL 42

Expert Comment

by:sedgwick
ID: 39292698
0
 

Author Comment

by:firmapost
ID: 39292732
IMHO that CSV output doesn't make sense. I would expect you wanted something like:
    Computername | Username | Logon Time
and that only for users logged on locally (psloggedon -L).

Yes Correct, i didint make the script, its what im trying to work with now. ill gladly accept another script or method to make this work.

i tryed the spiceworks script but all i get on every complete computer is a output of error.
And i tested and know the computers are online.
0
 
LVL 42

Expert Comment

by:sedgwick
ID: 39292736
can u describe the requirement again plz?
do u want to loop list of server names and create a csv report which lists which users logged currently to each server?
0
 

Author Comment

by:firmapost
ID: 39292746
can u describe the requirement again plz?
do u want to loop list of server names and create a csv report which lists which users logged currently to each server?

ill tryy to explain what i want :)

I have a list of computers txt,csv...
I want to find out who is loggedon on that list. What user(s)...

And i would like it in a csv file with Like stated above :
Computername | Username | Logon Time
0
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 39292797
function Get-ADUserLastLogon([string]$username)
{
	$user = Get-ADUser $username | Get-ADObject -Properties lastLogon 
	[datetime]::FromFileTime($user.LastLogon)
}
  
$CSV = @()
gc c:\temp\servers.txt | %{
	$server =  $_
	try{
		$users = get-wmiobject win32_computersystem -computer $server | select username
		$users | %{
			$CSV += New-Object PSObject -Property @{
					Server = $server
	                Username = $_.username
	                Error   = ''
					LastLogonTime = Get-ADUserLastLogon $_.username.Split('\')[1]
			}
		}
	}catch [Exception] {
		$CSV += New-Object PSObject -Property @{
					Server = $server
	                Username = ''
	                Error   = $Error[0]
					LastLogonTime = ''
		}	
	}
}
$CSV | Export-Csv C:\result.CSV -NoTypeInformation

Open in new window

0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39292799
Without logon time, could you try following and tell if that is ok?
Get-Content c:\Computers.txt |
  % {
    Get-WmiObject -ComputerName $_ Win32_LogonSession -Filter "LogonType=10"
  } |
  % {
    Get-WmiObject -ComputerName $_.__Server -Query `
      "Associators of {Win32_LogonSession.LogonID=$($_.LogonID)} Where AssocClass=Win32_LoggedOnUser Role=Dependent" -EA SilentlyContinue
  } |
  ft __Server, FullName

Open in new window

If so, replace ft __Server, FullName with select __Server, FullName | export-csv C:\Results.csv
0
 

Author Comment

by:firmapost
ID: 39292944
I get Errors :


Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 42

Expert Comment

by:sedgwick
ID: 39292963
it means the server name is invalid or the server is shut down
0
 

Author Comment

by:firmapost
ID: 39292993
Well im not familure with PS much, im able to get info about uers with Ps now.
Get-ADUser "username" |fl

But i get that error when using Get-WmiObject. So gues i dont have that option.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39293092
Using the AD cmdlets is much better - if they are available (domains based on W2008R2 and above).
0
 
LVL 42

Expert Comment

by:sedgwick
ID: 39295952
in the script , u use Get-WmiObject with computer name while Get-ADUser is with the username, so its got nothing to do with that.
can u verify that the server names are correct?
do u get this error with specific computer name or to all of them?
0
 

Author Comment

by:firmapost
ID: 39296218
Well this is my error.

Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
At H:\PS\aduserlastlogon.ps1:11 char:25
+         $users = get-wmiobject <<<<  win32_computersystem -computer $server | select username
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], COMException
    + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

Open in new window

0
 
LVL 42

Expert Comment

by:sedgwick
ID: 39296231
u didn't address my questions, does it happen to all servers or to specific ones?
0
 

Author Closing Comment

by:firmapost
ID: 39296233
Excelent scipr just modify servers.tx with what ever Asset you want to search
0
 

Author Comment

by:firmapost
ID: 39296237
User error as allways from my part :) . Thankyou for all the help sedwick
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

This script checks a path to see if a folder exists. If the folder does exist you will get output "The folder has previously been created. No action taken" If not it will create the folder. Then adds one user modify permission to the folder. It …
"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now