3
1
I'm writing a program one of whose functions is to get the current logon sessions on a Windows computer. It queries WMI for the current sessions with logon type 2 (interactive), logon type 10 (remote interactive) and logon type 11 (cached interactive). The code I have works OK, except for one thing I just noticed. When I was testing it in my work domain environment, everything was fine, but now that I'm at home and logged on outside of our work network, I'm not getting any sessions at all -- and I thought I would get my logon session as a cached interactive session.
So I've tested it with this PS code taken from this website:
$computername = "mycomputername"
Get-WmiObject -Class Win32_LogonSession -ComputerName $computername |
foreach {
$data = $_
$id = $data.__RELPATH -replace """", "'"
$q = "ASSOCIATORS OF {$id} WHERE ResultClass = Win32_Account"
Get-WmiObject -ComputerName $computername -Query $q |
select @{N="User";E={$($_.Caption)}},
@{N="LogonTime";E={$data.ConvertToDateTime($data.StartTime)}}
}
which simply takes all logon sessions. And again, it's like I haven't logged on at all:
User LogonTime
---- ---------
mycomputername\IUSR 1/22/2016 12:07:50 AM
mycomputername\SYSTEM 1/22/2016 12:07:09 AM
mycomputername\LOCAL SERVICE 1/22/2016 12:07:11 AM
mycomputername\NETWORK SERVICE 1/22/2016 12:07:10 AM
mycomputername\ANONYMOUS LOGON 1/22/2016 12:08:03 AM
My actual username is not shown... Why could that be? What can I do to get to see my logon session?
Ah, I see. I thought of using the antecedent property but win32_account seemed much cleaner. Oh well. Thanks a lot for the info, I'll change the code and all being well, all will be well! (I hope you don't mind if I keep the bounty open for a bit - some more exposure should probably not hurt.) – Michał Masny – 2016-01-24T03:30:34.240