If you go into your system32 directory and list executables that start with q, you will some others, like qwinsta.exe and qprocess.exe, as well as quser.exe Microsoft kept these executables ever since.
I am familiar with them, because many years ago I had written a perl application to monitor Citrix Servers and these commands came handy at the time.
Anyway, PowerShell tip yesterday was about finding out logged on user:
PS H:\> quser USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME >adil console 1 Active none 1/15/2014 11:35 AM PS H:\> (quser) -replace '\s{2,}',','|ConvertFrom-Csv SERNAME : >adil SESSIONNAME : console ID : 1 STATE : Active IDLE TIME : none LOGON TIME : 1/15/2014 11:35 AM
The first command shows what you would have seen by running the command on the current machine, and Tobias Weltner's tip shows us how to first replace 2 or more spaces with ',' and then, use ConvertFrom-CSV cmdlet to convert string into a reusable PowerShell Object (PSObject).
Today, there was a follow up on the tip to find out who logged on on a remote computer, using /server parameter. One of my colleagues tried it and and reported that it was not working for her.
Error 0x000006BA enumerating sessionnames Error [1722]: The RPC server is unavailable.
The first line of error suggested that it was a permissions issue, but she was an admin on the remoe windows 7 box.
The second line was telling us that the remote machine was not responding to Remote Procedure Call (RPC).
So, to fix this, we needed to enable RemoteRPC calls in the registry of the remote machine.
PS H:\> invoke-command -computername adil-w7x32vm2 -Command { set-itemproperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name AllowRemoteRPC -Value 0x1 -Force }
And once the RemoteRPC is allowed, query goes through without any errors.
PS H:\> (quser /server:adil-w7x32vm2) -replace '\s{2,}',','|ConvertFrom-Csv USERNAME : testuser SESSIONNAME : console ID : 3 STATE : Active IDLE TIME : none LOGON TIME : 1/15/2014 10:29 AMNote that, you migh also use the following command to connect to remote registry and change the setting, in case you cannot use invoke-command:
reg add "\\ComputerName\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v AllowRemoteRPC /t Reg_Dword /d 0x1 /f And query to make sure the change took place: PS H:\> reg query "\\adil-w7x32vm2\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v AllowRemoteRPC HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server AllowRemoteRPC REG_DWORD 0x1
No comments:
Post a Comment