How to get terminal information of logged-in users in Windows 7 and Windows Server via a program?

  • Question

  • As a server administrator, I have to manage a lot of servers which are running Windows 7 and Windows Server systems in the company.

    On the servers, many users will log in and use company, and the password of every user will not change frequently.

    So I want to know who is logging in without permission.

    I want to get the hostname of every user and their IP and MAC address; that way, I can compare them with the data of the authorized user list to find out who is an invalid user and contact them to apply for valid access power.

    As for methods, I want to achieve this through a program such as bat, vbs, PowerShell or another effective language.

    Hope to get your sincere reply and warm discussion, thank you!

    February 19, 2020 8:01

All replies

  • Hi,

    Based on my understanding, we want to get client connection information for multi-session (RDS) servers. If there is any misunderstanding, please kindly correct me.
    If this is the case, we may try the following:
    Logic: get the server list from a file and get the connection information for each server one by one. The script can be similar to the one below:

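    # Get-TSSession comes from the PSTerminalServices module, which must be installed first
    # The CSV stores the RDS servers; a column named ComputerName is assumed here
    $servers = Import-Csv C:\test.csv
    foreach ($server in $servers)
    {
        # Pass the column value, not the whole CSV row object
        Get-TSSession -ComputerName $server.ComputerName | Out-File C:\test.txt -Append
    }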

    Hope it can help. Please feel free to let us know if you need further assistance.

    February 20, 2020 8:29
    Moderator
  • Thanks for your reply.

    Maybe we can do this on one server. If one is OK, the other servers can do this by following the same way.
    For example, one server has three user accounts, a, b and c, that are set in the system Control Panel.
    And at some time, c is forbidden to access the server, but someone uses the previous password and the c user name to log in;
    at that time, some information about the terminal is shown in Task Manager. In Windows 7, it shows the hostname of the login terminal, but the server OS does not show this.
    So I want to grab the hostname or any other physical information of the login client to find out their real identity.
    If I can get the hostname or other information of every logged-in user, I can compare it with my database that saves the relationship between hostname and real user name.
    In that way, I can find out who is logged in without valid authority.

    February 20, 2020 11:48
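  • Hello,

    To avoid any misunderstanding, I would like to confirm a few points with you:

    Are your computers joined to a domain?

    Are the a, b and c accounts you mentioned domain accounts or local accounts?

    Do you want real-time connection information or historical connection information? If it is real-time connection information, the statement in the previous reply can do it; an illustration is shown below (you can get the client hostname, client IP and username):

    If you want historical connection information, you can use the following script (you can get the client IP and username; you need to replace the user account with the one in your actual environment)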

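    $LogName = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
    $Results = @()
    $Events = Get-WinEvent -LogName $LogName
    # $LogEvent is the loop variable because $Event is an automatic variable in PowerShell
    foreach ($LogEvent in $Events) {
        # The user name and client address are only available in the event's XML payload
        $EventXml = [xml]$LogEvent.ToXML()
    
        $ResultHash = @{
            Time     = $LogEvent.TimeCreated.ToString()
            Username = $EventXml.Event.UserData.EventXML.User
            SourceIP = $EventXml.Event.UserData.EventXML.Address
            EventID  = $LogEvent.Id
        }
    
        $Results += (New-Object PSObject -Property $ResultHash)
    }
    
    # Event ID 21 = session logon succeeded; replace 'C*' with the account name to look for
    $Results | ?{$_.username -like 'C*' -and $_.EventID -eq 21} | select username, SourceIP, Time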

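    In addition, Win7 only allows one user to be logged in at a time. Do you mean that other people are shown as logged in in Task Manager? And that the server OS has no similar feature? This point is not very clear. Could you provide relevant screenshots?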


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    February 20, 2020 14:00
    Moderator
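
The comparison against an authorized list that the question asks for, as an added example that is not part of any post in this thread: it checks records shaped like the `$Results` objects from the script above against a per-account allowlist of client IPs. The function name `Find-UnauthorizedLogon`, the allowlist layout and all sample values are assumptions constructed for illustration; it also goes beyond the reply's filter by checking event ID 25 (session reconnect) in addition to 21.

```powershell
# Constructed allowlist (hypothetical): client IPs each account may connect from.
$Authorized = @{
    'a' = @('192.0.2.10')
    'b' = @('192.0.2.11', '192.0.2.12')
}

# Constructed sample records with the same properties as the $Results objects above.
$Sample = @(
    New-Object PSObject -Property @{ Time = '2020/2/20 9:01:12';  Username = 'SRV01\a'; SourceIP = '192.0.2.10'; EventID = 21 }
    New-Object PSObject -Property @{ Time = '2020/2/20 9:14:40';  Username = 'SRV01\c'; SourceIP = '192.0.2.77'; EventID = 21 }
    New-Object PSObject -Property @{ Time = '2020/2/20 10:02:05'; Username = 'SRV01\b'; SourceIP = '192.0.2.99'; EventID = 25 }
    New-Object PSObject -Property @{ Time = '2020/2/20 10:30:00'; Username = 'SRV01\a'; SourceIP = 'LOCAL';      EventID = 21 }
    New-Object PSObject -Property @{ Time = '2020/2/20 11:00:00'; Username = 'SRV01\b'; SourceIP = $null;        EventID = 23 }
)

function Find-UnauthorizedLogon {
    param(
        [Parameter(Mandatory = $true)] [object[]]  $Records,
        [Parameter(Mandatory = $true)] [hashtable] $Allowlist,
        [int[]] $EventIds = @(21, 25)   # 21 = session logon, 25 = session reconnect
    )
    foreach ($r in $Records) {
        if ($EventIds -notcontains $r.EventID) { continue }
        # Console logons are recorded with the address LOCAL: no remote client to check.
        if (-not $r.SourceIP -or $r.SourceIP -eq 'LOCAL') { continue }
        # User names are logged as DOMAIN\user or HOST\user; keep the account part.
        $account = @($r.Username -split '\\')[-1]
        if (-not $Allowlist.ContainsKey($account)) {
            $reason = 'account not in allowlist'
        } elseif ($Allowlist[$account] -notcontains $r.SourceIP) {
            $reason = 'client IP not authorized for this account'
        } else {
            continue   # known account from one of its authorized addresses
        }
        New-Object PSObject -Property @{
            Time = $r.Time; Username = $r.Username; SourceIP = $r.SourceIP; Reason = $reason
        } | Select-Object Time, Username, SourceIP, Reason
    }
}

# Flags the logon as c (account no longer allowed) and the reconnect as b from an unlisted IP.
Find-UnauthorizedLogon -Records $Sample -Allowlist $Authorized | Format-Table -AutoSize
```

With real data, pass `$Results` from the script above as `-Records`; the syntax is kept compatible with the PowerShell 2.0 that ships with Windows 7.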