how to find out who is logged into a computer

A common job whatever Windows admin might have is finding out, locally or remotely, which user account is logged onto a particular computer. Many tools exist for this purpose, and one of them, of grade, is PowerShell.

Author
Recent Posts

Adam Bertram is a twenty-twelvemonth Information technology veteran, Microsoft MVP, blogger, and trainer.

A Windows admin might demand this data to create reports, to track down malware infection or to see who'due south in the office. Since this is a repeatable task, it'southward a good thought to build a script that you can reuse over and over again, rather than having to figure out how to practice it every time.

In this article, I'm going to go over how to build a PowerShell script to find a logged-on user on your local Windows machine, besides as on many different remote Windows machines at once. By the end, you lot should accept a good understanding of what it takes to query the logged-on user of a Windows computer. You volition too empathise how to build a PowerShell script to execute the command on multiple computers at the aforementioned time.

With PowerShell, getting the business relationship information for a logged-on user of a Windows automobile is easy, since the username is readily available using the Win32_ComputerSystem WMI instance. This tin exist retrieved via PowerShell by using either the Get-CimInstance or Become-WmiObject cmdlet. I prefer to use the older Get-WmiObject cmdlet because I'm yet working on older machines.

Get-WmiObject –ComputerName CLIENT1 –Class Win32_ComputerSystem | Select-Object UserName

Output

If you prefer to utilise CIM, you tin can likewise use Get-CimInstance to return the same consequence.

Become-CimInstance –ComputerName CLIENT1 –ClassName Win32_ComputerSystem | Select-Object UserName

End of article, correct? I suppose you could say I did just show you how to observe a logged-on user remotely. However, nosotros need to make this reusable, more user-friendly and easy to perform on multiple computers. Permit'southward accept it a step further and build a PowerShell function from this.

First, let's build our template role. Information technology looks like this:

office Get-LoggedOnUser  {      [CmdletBinding()]      param      (          [Parameter()]          [ValidateScript({ Test-Connection -ComputerName $_ -Serenity -Count i })]          [ValidateNotNullOrEmpty()]          [string[]]$ComputerName = $env:COMPUTERNAME      )  }

Here, we have an advanced function with a single parameter: ComputerName. We also want to incorporate some parameter validations to ensure that the figurer responds to a ping request before we query it. Also, notice the parameter type: [string[]]. Notice how there is an extra set of brackets in there? This makes ComputerName a cord collection, rather than simply a unproblematic string. This is going to allow us to specify multiple computer names, separated past commas. We'll run across how this comes into play a flake later.

One time we accept the office template down, we'll demand to add some functionality. To do that, let's add together a foreach loop, in case $ComputerName has multiple computer names, and and then create a custom object for each reckoner, querying each for the logged-on user.

function Become-LoggedOnUser  {      [CmdletBinding()]      param      (          [Parameter()]          [ValidateScript({ Test-Connection -ComputerName $_ -Tranquillity -Count 1 })]          [ValidateNotNullOrEmpty()]          [string[]]$ComputerName = $env:COMPUTERNAME      )      foreach ($comp in $ComputerName)      {          $output = @{ 'ComputerName' = $comp }          $output.UserName = (Become-WmiObject -Grade win32_computersystem -ComputerName $comp).UserName          [PSCustomObject]$output      }  }

Here, notice that instead of outputting only the username, we are edifice a custom object that outputs the computer name as well, then that when multiple computer names are used, I can tell which username coincides with which computer.

At present, let's run this and run across what the output looks like when we don't specify a estimator proper name.

Without specified computer name

Without specified computer proper noun

My local computer proper noun is WINFUSIONVM, and I am logged in through a local business relationship called Adam. Now, allow's run into what it looks similar when we query a remote computer.

Queried a remote computer

In the instance to a higher place, notice that the account exists within a domain. We know this because the username starts with MYLAB, rather than MEMBERSRV1.

Finally, let's pass a couple unlike computer names through this office.

Different computer names