Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 269
  • Last Modified:

Script to determine computername of user connected to share

Does any know how I can get the computername of a user connected to a file share?

I started using FSRM to monitor for files that are created when a crypto virus hits. We have had several in the past few weeks.

Currently FSRM sends an email to me and logs an event when ever decrypt_instructions.txt is added to a folder.
 This works pretty good so long as I can get to the user fast enough and have his machine shutdown before it gets too far
 I would like to be able to run a scheduled task on my file servers based on this event id which will shutdown the computer.
 The event log only shows the user and not computer so the script would have to I guess query the active sessions by username , then determine the computername and run the shutdown command against that computer.


Any and all help would be greatly appreciated

WP
0
smithandandersen
Asked:
smithandandersen
  • 2
1 Solution
 
becraigCommented:
0
 
David Johnson, CD, MVPOwnerCommented:
download the full script from the download link as the posted text has an error
get-shareusers.ps1
function get-ShareUsers
{
<#
.SYNOPSIS
   Determine which shares are actively being used by employees.
.DESCRIPTION
   This provides a live time view of shares currently being accessed by employees.  The output can be to the Powershell screen, the out-gridview window, a CSV file, or all of the above.
   
.PARAMETER <paramName>
   ServerName - Used to determine the server to scan.
   GridView - Enables the output to the gridview.
   Export - Enables the output to a CSV file using the export-csv cmdlet.
.EXAMPLE
   <An example of using the script>
#>
[CmdletBinding()]
Param
	(
		#First parameter
    	[parameter(Mandatory=$true, #Makes this a required parameter. The user will be prompted for this item if it is not provided.
    	ValueFromPipeline=$true)] #Allows the server name to be  "Piped" into the function.
    	[String[]] $ServerName, #The name against which to run the query.
		#Second parameter - Sends the output to the out-gridview display.
		[switch] $Gridview, 
		#Third parameter - Sends the output to a CSV file for later used.
		[switch] $Export
  ) 
  
	#Default output to the Powershell interface.
	Get-WmiObject Win32_ServerConnection -ComputerName $ServerName | select  username, sharename, computername | sort sharename | Format-Table -AutoSize
	
	if ($Gridview -eq $true) 
	{
		Get-WmiObject Win32_ServerConnection -ComputerName $ServerName | select  username, sharename, computername | sort sharename | Out-GridView -Title "$computername Share Users"
	}

	if ($Export -eq $true) 
	{
		[string]$filename = $ServerName + "_Share_Users.csv"
		Get-WmiObject Win32_ServerConnection -ComputerName $ServerName | select  username, sharename, computername | sort sharename | Export-Csv -Path	$filename -NoTypeInformation	
	}
}

Open in new window

0
 
QlemoC++ DeveloperCommented:
Not the best piece of software. Much ado about a simple task, nonsense conditions like "$var -eq $true", and doing stuff again for each formatting option. The core function is simple:
Get-WmiObject Win32_ServerConnection -ComputerName $ServerName |
  select  username, sharename, computername |
  sort sharename |
  Format-Table -AutoSize

Open in new window

In your case all you want to know is the PC for a user, so a more direct approach is
$PC = Get-WmiObject Win32_ServerConnection -ComputerName $ServerName | ? { $_Username -eq $user } | Select -First 1 -Expand ComputerName

Open in new window

where $user is the extracted user from EventLog. All you have to do then is to shutdown that machine forcefully, like with
shutdown /m $PC /f /t 15 /s /c "Cryptolocker found! Machine will be shut down now!"

Open in new window

0
 
QlemoC++ DeveloperCommented:
I'm sorry, but I don't understand
a) why it took you so long to accept an answer
b) your choice to accept http:#a40391236

Are you into solutions obfuscating your task at hand?
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now