A small script which can be used to find what user is logged into a station. Can be handy if you are looking for a station that does not have any user logged into it.

If filters out known SIDs and I have left the MS article in the comments if you need to add more to it.

Using it is as easy as loading the cmdlet:

Get-LoggedOnUser -ComputerName Some-Computer

It will accept values from the pipeline too, so if you are working on a domain:

Get-ADComputer SomeComputer | Get-LoggedOnUser
function Get-LoggedOnUser {
<#
.Synopsis
Gets the logged in user of the station
.DESCRIPTION
Uses WMI to get the user who is logged in while stripping out the common SIDS
.EXAMPLE
Get-LoggedOnUser
.EXAMPLE
Get-LoggedOnUser -ComputerName Some-Computer
.INPUTS
will accept values from the pipeline: "Computer", "__SERVER", "IPAddress"
.OUTPUTS
Will output type: System.Management.ManagementObject#root\cimv2\Win32_UserProfile
.NOTES
General notes
#>
[CmdletBinding()]
Param (
# Specify the name of one or more computers
[Parameter(
Position = 0,
Mandatory = $false,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true,
ParameterSetName = 'Computer'
)]
[Alias("Computer", "__SERVER", "IPAddress")]
$ComputerName = $env:COMPUTERNAME
)
#can filter out common sids that appear
# https://support.microsoft.com/en-gb/help/243330/well-known-security-identifiers-in-windows-operating-systems
$commonSIDS = @(
".DEFAULT",
"S-1-5-18",
"S-1-5-19",
"S-1-5-20",
"_Classes"
)
$wmiLoadedUser = Get-WmiObject win32_userprofile -ComputerName $computerName | where{$_.loaded -eq $true -and $_.SID -notmatch ($commonSIDS -join '|') }
$wmiLoadedUser
}
view raw Get-LoggedOnUser.ps1 hosted with ❤ by GitHub