Find logged on Users

Today I got asked to figure out what servers our team members are logged into. What better way than to write up a PowerShell script that runs every morning and shoots us an email? This process also helps out with the question "WHAT SERVER IS LOCKING OUT MY ACCOUNT!". I do have another PowerShell script that checks the PDC Emulator's security logs for that, but that will be in a future post.

The script is a little long to explain, so I'm just going to post it. I can't remember where I got the HTML section from. It's freak'n ugly (I'm not an HTML programmer), but works. Just go through and change the usernames you want to check for and the SMTP settings at the bottom of the script. Also, you will need to have psloggedon.exe from:

https://technet.microsoft.com/en-us/sysinternals/psloggedon.aspx

Just make sure the exe is in your system32 dir.









CLS
<#
    .NOTES
    --------------------------------------------------------------------------------
     Code generated by:            Keith Smith
     Generated on:                06/30/2016
     Description:                Checks to see who is logged onto any servers
                                with their admin account

    --------------------------------------------------------------------------------

#>

#----------------------------------------------
# Variables
#----------------------------------------------

write-host "Generating the Serverlist."
write-host "`tLoading..."
# Get-ADComputer comes from the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

# This is the main array that gets all server names in the entire domain
[array]$ServerList = get-adcomputer -filter { operatingsystem -like "*server*" }

# how many servers do we have?
# Information could be useful somewhere?
$TotalAmountOfServers = $ServerList.count

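# If you want to search only a couple of servers, uncomment the below.
# These are plain strings with no .Name property, so also switch to the
# commented-out psloggedon line inside the loop.
#[array]$ServerList = "ustxcr00exc11i","ustxcr00exc12i","ustxcr00exc13i","ustxcr00exc14i","ustxcr00exc15i","ustxcr00exc16i","ustxcr00exc17i","ustxcr00exc18i"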

# Build an array with usernames of who you want to check
[array]$AllTheUserNames = "admin_bob", "admin_john", "admin_alex", "admin_keith"

# Create a blank array for all the bad users that are still logged in
[array]$BadUsers = @()

$ScriptStartTime = Get-Date

#----------------------------------------------
# Main
#----------------------------------------------

# Create a foreach loop that goes through each server in the serverlist array
foreach ($EachServer in $ServerList)
{
    
    # Show which server is being queried (comment out the line below to silence it)
    write-host "Querying: $($EachServer.Name)" -foregroundcolor yellow
    
    # Awesome command Lumakar found to pull logged on users
    # Run the command and put the results into a variable called TheResults
    # psloggedon.exe must be in the system32 dir on the computer you run this on
    $TheResults = psloggedon.exe -l -x `\`\$($EachServer.name)
    # Use this line instead when $ServerList holds plain server-name strings
    #$TheResults = psloggedon.exe -l -x `\`\$($EachServer)
    
    # Created Nested foreach loop that goes through each username for each server
    foreach ($EachUserName in $AllTheUserNames)
    {
        # Go through the results one by one and check if the username is in the TheResults variable
        if ($TheResults -like "*$EachUserName*")
        {
            # Do something
            [array]$BadUsers += "`t$($EachUserName)`t`t`n$($EachServer.name)"
        }
        else
        {
            # Dont do anything
            # Some kind of logic could go here
        }
    }
}

$BadUsers = $BadUsers | sort

$ScriptEndTime = Get-Date
$ScriptTotalTime = $ScriptEndTime - $ScriptStartTime

# Clear the screen
# Clear-host is the proper way to do it, but I am old school
CLS

$HTMLCode = @"

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html ES_auditInitialized='false'><head><title> Logged On User Report</title>
    <META http-equiv=Content-Type content='text/html; charset=windows-1252'>
    <STYLE type=text/css>    
        DIV .expando {DISPLAY: block; FONT-WEIGHT: normal; FONT-SIZE: 8pt; RIGHT: 10px; COLOR: #ffffff; FONT-FAMILY: Tahoma; POSITION: absolute; TEXT-DECORATION: underline}
        TABLE {TABLE-LAYOUT: fixed; FONT-SIZE: 100%; WIDTH: 100%}
        #objshowhide {PADDING-RIGHT: 10px; FONT-WEIGHT: bold; FONT-SIZE: 8pt; Z-INDEX: 2; CURSOR: hand; COLOR: #000000; MARGIN-RIGHT: 0px; FONT-FAMILY: Tahoma; TEXT-ALIGN: right; TEXT-DECORATION: underline; WORD-WRAP: normal}
        .heading0_expanded {BORDER-RIGHT: #bbbbbb 1px solid; PADDING-RIGHT: 5em; BORDER-TOP: #bbbbbb 1px solid; DISPLAY: block; PADDING-LEFT: 8px; FONT-WEIGHT: bold; FONT-SIZE: 8pt; MARGIN-BOTTOM: -1px; MARGIN-LEFT: 0px; BORDER-LEFT: #bbbbbb 1px solid; WIDTH: 100%; CURSOR: hand; COLOR: #FFFFFF; MARGIN-RIGHT: 0px; PADDING-TOP: 4px; BORDER-BOTTOM: #bbbbbb 1px solid; FONT-FAMILY: Tahoma; POSITION: relative; HEIGHT: 2.25em; BACKGROUND-COLOR: #CCCC00}
        .heading_collapsed {BORDER-RIGHT: #bbbbbb 1px solid; PADDING-RIGHT: 5em; BORDER-TOP: #bbbbbb 1px solid; DISPLAY: block; PADDING-LEFT: 16px; FONT-WEIGHT: bold; FONT-SIZE: 8pt; MARGIN-BOTTOM: -1px; MARGIN-LEFT: 5px; BORDER-LEFT: #bbbbbb 1px solid; WIDTH: 100%; CURSOR: hand; COLOR: #ffffff; MARGIN-RIGHT: 0px; PADDING-TOP: 4px; BORDER-BOTTOM: #bbbbbb 1px solid; FONT-FAMILY: Tahoma; POSITION: relative; HEIGHT: 2.25em; BACKGROUND-COLOR: #7BA7C7}
        .heading_expanded {BORDER-RIGHT: #bbbbbb 1px solid; PADDING-RIGHT: 5em; BORDER-TOP: #bbbbbb 1px solid; DISPLAY: block; PADDING-LEFT: 16px; FONT-WEIGHT: bold; FONT-SIZE: 8pt; MARGIN-BOTTOM: -1px; MARGIN-LEFT: 5px; BORDER-LEFT: #bbbbbb 1px solid; WIDTH: 100%; CURSOR: hand; COLOR: #ffffff; MARGIN-RIGHT: 0px; PADDING-TOP: 4px; BORDER-BOTTOM: #bbbbbb 1px solid; FONT-FAMILY: Tahoma; POSITION: relative; HEIGHT: 2.25em; BACKGROUND-COLOR: #A5A5A5}
        .tableDetail {BORDER-RIGHT: #bbbbbb 1px solid; BORDER-TOP: #bbbbbb 1px solid; DISPLAY: block; PADDING-LEFT: 16px; FONT-SIZE: 8pt;MARGIN-BOTTOM: -1px; PADDING-BOTTOM: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #bbbbbb 1px solid; WIDTH: 100%; COLOR: #000000; MARGIN-RIGHT: 0px; PADDING-TOP: 4px; BORDER-BOTTOM: #bbbbbb 1px solid; FONT-FAMILY: Tahoma; POSITION: relative; BACKGROUND-COLOR: #f9f9f9}
        .filler {BORDER-RIGHT: medium none; BORDER-TOP: medium none; DISPLAY: block; BACKGROUND: none transparent scroll repeat 0% 0%; MARGIN-BOTTOM: -1px; FONT: 100%/8px Tahoma; MARGIN-LEFT: 43px; BORDER-LEFT: medium none; COLOR: #ffffff; MARGIN-RIGHT: 0px; PADDING-TOP: 4px; BORDER-BOTTOM: medium none; POSITION: relative}
        .Solidfiller {BORDER-RIGHT: medium none; BORDER-TOP: medium none; DISPLAY: block; BACKGROUND: none transparent scroll repeat 0% 0%; MARGIN-BOTTOM: -1px; FONT: 100%/8px Tahoma; MARGIN-LEFT: 0px; BORDER-LEFT: medium none; COLOR: #000000; MARGIN-RIGHT: 0px; PADDING-TOP: 4px; BORDER-BOTTOM: medium none; POSITION: relative; BACKGROUND-COLOR: #000000}
        td {VERTICAL-ALIGN: TOP; COLOR: #000000; FONT-FAMILY: Tahoma}
        th {VERTICAL-ALIGN: TOP; COLOR: #000000; TEXT-ALIGN: left}
    </STYLE>

    </HEAD>
    <BODY>
    <p><b>    <font face="Arial" size="5"><b><i>Logged On User Report - Hours: $($ScriptTotalTime.Hours) Minutes: $($ScriptTotalTime.Minutes) <hr size="4" color="#2b52ed"></i></b></font>
    <br>
    <TABLE cellSpacing=0 cellPadding=0>
        <TBODY>
            <TR>
                <TD>
                    <DIV id=objshowhide tabIndex=0><FONT face=Arial></FONT></DIV>
                </TD>
            </TR>
        </TBODY>
    </TABLE>

"@

$header = @"
    <DIV class=container>
            <DIV class={0}>
                <SPAN class=sectionTitle tabIndex=0></SPAN>
                <A class=expando href='#'></A>
            </DIV>
            <DIV class=container>
                <DIV class=tableDetail>
                
                
                
                <TABLE>
                    <tr>
                        <th width='30%'><b>Users who need to log off</b></th>
                    </tr>
"@

$HTMLCode += $header

foreach ($BadUser in $BadUsers)
{
    $HTMLCode += @"
    <tr>
        <td width='30%'>$BadUser</td>
    </tr>

"@
}

$HTMLCode += @"
    </TABLE>
    
                    </DIV>
            </DIV>
        </DIV>
        
        <DIV class=filler></DIV>

    </body>
    </html>
"@

#Configuration Variables for E-mail
$SmtpServer = "mail.contoso.local"
$EmailFrom = "Report <postmaster@contoso.local>"
$EmailTo = "AdminTeam@contoso.local"
$EmailSubject = "Logged On User Report"



#Send E-mail from PowerShell script
Send-MailMessage -To $EmailTo -From $EmailFrom -Subject $EmailSubject -Body $HTMLCode -BodyAsHtml -SmtpServer $SmtpServer
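
Added example (not part of the original script): the loop above flags a user when the name appears anywhere in the psloggedon output, so watching for admin_bob also fires on a logged-on admin_bobby. The sketch below parses the account names out first and compares whole names, then HTML-encodes the values that go into the report table. The function names, the server name SRV01 and the sample output are made up for illustration, and it assumes psloggedon prints each session with DOMAIN\user at the end of the line.

```powershell
# Added example; Get-LoggedOnAccount and Find-WatchedSession are hypothetical helpers.
# ASSUMPTION: each session line of psloggedon output ends with DOMAIN\user.

function Get-LoggedOnAccount {
    param([string[]]$PsLoggedOnOutput)
    foreach ($Line in $PsLoggedOnOutput) {
        # Take the trailing DOMAIN\user token; a leading logon time is ignored
        if ($Line -match '(?<domain>[^\\\s]+)\\(?<user>[^\\\s]+)\s*$') {
            [pscustomobject]@{ Domain = $Matches.domain; User = $Matches.user }
        }
    }
}

function Find-WatchedSession {
    param(
        [string]$Server,
        [string[]]$PsLoggedOnOutput,
        [string[]]$WatchList
    )
    Get-LoggedOnAccount -PsLoggedOnOutput $PsLoggedOnOutput |
        Where-Object { $WatchList -contains $_.User } |   # whole name, case-insensitive
        ForEach-Object {
            [pscustomobject]@{ Server = $Server; Domain = $_.Domain; User = $_.User }
        }
}

# Constructed sample output, not captured from a real server
$Sample = @(
    'Users logged on locally:',
    '     CONTOSO\admin_bobby',
    '     CONTOSO\svc_backup',
    '     CONTOSO\admin_keith'
)
$Watch = 'admin_bob', 'admin_john', 'admin_alex', 'admin_keith'

# The original substring test: admin_bob is reported because of admin_bobby
$SubstringHits = $Watch | Where-Object { $Sample -like "*$_*" }

# Whole-name comparison on the parsed accounts: only real watch-list members remain
$Hits = Find-WatchedSession -Server 'SRV01' -PsLoggedOnOutput $Sample -WatchList $Watch
$Hits | Format-Table -AutoSize

# Encode anything placed into the HTML body instead of interpolating it raw
$Rows = foreach ($Hit in $Hits) {
    '<tr><td>{0}</td><td>{1}</td></tr>' -f
        [System.Net.WebUtility]::HtmlEncode($Hit.User),
        [System.Net.WebUtility]::HtmlEncode($Hit.Server)
}
```

Because the result is a set of objects with separate Server and User fields, it can also be written out with Export-Csv for a day-to-day record of which admin sessions were left open.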



