Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Script to determine computername of user connected to share

Posted on 2014-10-19
Medium Priority
Last Modified: 2015-05-29
Does any know how I can get the computername of a user connected to a file share?

I started using FSRM to monitor for files that are created when a crypto virus hits. We have had several in the past few weeks.

Currently FSRM sends an email to me and logs an event when ever decrypt_instructions.txt is added to a folder.
 This works pretty good so long as I can get to the user fast enough and have his machine shutdown before it gets too far
 I would like to be able to run a scheduled task on my file servers based on this event id which will shutdown the computer.
 The event log only shows the user and not computer so the script would have to I guess query the active sessions by username , then determine the computername and run the shutdown command against that computer.

Any and all help would be greatly appreciated

Question by:smithandandersen
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 29

Expert Comment

ID: 40391167
LVL 83

Accepted Solution

David Johnson, CD, MVP earned 2000 total points
ID: 40391236
download the full script from the download link as the posted text has an error
function get-ShareUsers
   Determine which shares are actively being used by employees.
   This provides a live time view of shares currently being accessed by employees.  The output can be to the Powershell screen, the out-gridview window, a CSV file, or all of the above.
.PARAMETER <paramName>
   ServerName - Used to determine the server to scan.
   GridView - Enables the output to the gridview.
   Export - Enables the output to a CSV file using the export-csv cmdlet.
   <An example of using the script>
		#First parameter
    	[parameter(Mandatory=$true, #Makes this a required parameter. The user will be prompted for this item if it is not provided.
    	ValueFromPipeline=$true)] #Allows the server name to be  "Piped" into the function.
    	[String[]] $ServerName, #The name against which to run the query.
		#Second parameter - Sends the output to the out-gridview display.
		[switch] $Gridview, 
		#Third parameter - Sends the output to a CSV file for later used.
		[switch] $Export
	#Default output to the Powershell interface.
	Get-WmiObject Win32_ServerConnection -ComputerName $ServerName | select  username, sharename, computername | sort sharename | Format-Table -AutoSize
	if ($Gridview -eq $true) 
		Get-WmiObject Win32_ServerConnection -ComputerName $ServerName | select  username, sharename, computername | sort sharename | Out-GridView -Title "$computername Share Users"

	if ($Export -eq $true) 
		[string]$filename = $ServerName + "_Share_Users.csv"
		Get-WmiObject Win32_ServerConnection -ComputerName $ServerName | select  username, sharename, computername | sort sharename | Export-Csv -Path	$filename -NoTypeInformation	

Open in new window

LVL 71

Expert Comment

ID: 40459442
Not the best piece of software. Much ado about a simple task, nonsense conditions like "$var -eq $true", and doing stuff again for each formatting option. The core function is simple:
Get-WmiObject Win32_ServerConnection -ComputerName $ServerName |
  select  username, sharename, computername |
  sort sharename |
  Format-Table -AutoSize

Open in new window

In your case all you want to know is the PC for a user, so a more direct approach is
$PC = Get-WmiObject Win32_ServerConnection -ComputerName $ServerName | ? { $_Username -eq $user } | Select -First 1 -Expand ComputerName

Open in new window

where $user is the extracted user from EventLog. All you have to do then is to shutdown that machine forcefully, like with
shutdown /m $PC /f /t 15 /s /c "Cryptolocker found! Machine will be shut down now!"

Open in new window

LVL 71

Expert Comment

ID: 40803112
I'm sorry, but I don't understand
a) why it took you so long to accept an answer
b) your choice to accept http:#a40391236

Are you into solutions obfuscating your task at hand?

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question