Archive for May 17th, 2007

Longhorn RDP Airlift Slides

Here are the slides I was showing on the Longhorn Airlift AD PowerShell session:

LonghornAirlift_ADPowerShell_PowerGUI_Dmitry_Sotnikov.ppt

Overall the session went well. I was surprised that a big part of the audience was not that familiar with PowerShell as such but everyone seemed pretty interested and I saw people taking notes during the session.

We used Longhorn Beta 3 for the demos and everything went surprisingly well. I even demoed experimental cmdlets for granular password policies.

P.S. In case you get the DVD and listen to the session or just were there. During the demo I completely forgot to mention that the new-account.ps1 script I was showing while demonstrating the ADSI approach is from Adam Bell. Thanks to Adam for providing that on his blog!

Tags: , , , , , , , , , , , , , ,

Find where that user is

There was a question in the PowerShell newsgroup on finding on which computer is a particular user located.

Here’s my take on the one-liner finding the user and computer:

PS C:\> Get-QADComputer | foreach { Get-WmiObject -Class Win32_ComputerSystem -ComputerName $_.Name } | where { $_.UserName -eq "DOMAIN\username" } | Format-Table Name, UserName

Name                                    UserName
----                                    --------
MYCOMP                                  DOMAIN\username

Basically I am:

1. Getting the list of computers.

2. Going to each of them with a WMI query to get information on the current session on the computer.

3. Applying the where filter comparing the UserName property to the username.

4. Outputting the computername and username in a table.

This is it!

You can make it slightly complicated if you need IP address (it is not present in the Win32_ComputerSystem class) – we can get that by adding:

PS C:\> Get-QADComputer | foreach { Get-WmiObject -Class Win32_ComputerSystem -ComputerName $_.Name } | where { $_.UserName -eq "Domain\username" } | foreach { Get-WmiObject -Class Win32_NetworkAdapterConfiguration -ComputerName $_.Name } | where {$_.IPEnabled -eq $true } | Format-Table __SERVER, IPAddress

__SERVER                                IPAddress
--------                                ---------
MYCOMP                                  {192.168.99.18}

This one gives a table of the computernames and IP addresses that have the user logged in at the moment. Now the output does not have the username but I guess you know it already because you were searching for the name!

(I am also filtering out the network interfaces without IP address.)

The other issue is that it does not take terminal services logins. Don’t know of the top of my head how to add enumeration of those. Should be possible. This is the article I found that has the code doing that in C++: http://www.codeproject.com/system/logonsessions.asp

Tags: , , , , , , , ,


My Recent Tweets

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

May 2007
M T W T F S S
« Apr   Jun »
 123456
78910111213
14151617181920
21222324252627
28293031  

%d bloggers like this: