Does any know how I can get the computername of a user connected to a file share?
I started using FSRM to monitor for files that are created when a crypto virus hits. We have had several in the past few weeks.
Currently FSRM sends an email to me and logs an event when ever decrypt_instructions.txt is added to a folder.
This works pretty good so long as I can get to the user fast enough and have his machine shutdown before it gets too far
I would like to be able to run a scheduled task on my file servers based on this event id which will shutdown the computer.
The event log only shows the user and not computer so the script would have to I guess query the active sessions by username , then determine the computername and run the shutdown command against that computer.
Any and all help would be greatly appreciated
WP
Script to determine computername of user connected to share
