0

In one system, multiple users are logged in.

I would like to know which user logged in and locked the system.

I tried to find the LogonUI.exe availability, but I am not getting the proper username of LogonUI.exe.

$uname = $env:UserName
$procs = @()
$allProcs = @(Get-WmiObject win32_process)
foreach($proc in $allProcs)
{
    if($proc.getowner().user -eq $uname) {
         if($proc.ProcessName() -eq LogonUI) {
              "system locked"
         }
    }
}

I tried it this way, but even though the user locked the system, I am not getting it as locked, because it is failing at the user name check. Most of the time it is coming as blank. Any help?

surendra
  • What is `LogonUI`? Is it a `ProcessName`? If yes, then it is a `string` and should be enclosed within `double quotes("LogonUI")` or `single quotes('LogonUI')` – Vivek Kumar Singh Feb 13 '18 at 09:53

2 Answers

0

Since PowerShell 4, you can use Get-Process -IncludeUserName for getting user-names directly - as per https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-process

You can also check some of the solutions on this thread to get more direct statuses from the session manager: Powershell script to see currently logged in users (domain and machine) + status (active, idle, away)

muratiakos
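The approach from the answer above, as an added example that is not part of the original posts: LogonUI.exe runs as SYSTEM inside the session that shows the lock screen, so comparing its owner to a user name never matches. The code below instead matches LogonUI by session ID to the owner of explorer.exe in the same session. The function name `Get-LockedSessionUser` and the sample records are constructed for illustration, and treating explorer.exe as the signed-in user's shell is an assumption.

```powershell
# Added example, not from the original posts. Heuristic: a session that contains
# LogonUI is showing the lock or logon screen; the session's user is taken from
# the owner of explorer in that session (assumption: explorer is the user's shell).
function Get-LockedSessionUser {
    param(
        # Objects with ProcessName, SessionId and UserName properties,
        # e.g. the output of Get-Process -IncludeUserName (elevated prompt).
        [Parameter(Mandatory)] [object[]] $Process
    )
    foreach ($session in ($Process | Group-Object -Property SessionId)) {
        # Get-Process reports names without the ".exe" suffix.
        if ($session.Group.ProcessName -notcontains 'LogonUI') { continue }

        # LogonUI itself is owned by SYSTEM, so look at the user's shell instead.
        $owner = $session.Group |
            Where-Object { $_.ProcessName -eq 'explorer' -and $_.UserName } |
            Select-Object -ExpandProperty UserName -Unique

        [pscustomobject]@{
            SessionId = [int]$session.Name
            # No explorer owner: logon screen with nobody signed in to the session.
            User      = if ($owner) { $owner -join ',' } else { $null }
            State     = if ($owner) { 'Locked' } else { 'LogonScreen' }
        }
    }
}

# Constructed sample records (not captured from a real machine):
# session 1 is locked by alice, session 2 is in use, session 3 is a bare logon screen.
$sample = @(
    [pscustomobject]@{ ProcessName = 'explorer'; SessionId = 1; UserName = 'CONTOSO\alice' }
    [pscustomobject]@{ ProcessName = 'LogonUI';  SessionId = 1; UserName = 'NT AUTHORITY\SYSTEM' }
    [pscustomobject]@{ ProcessName = 'explorer'; SessionId = 2; UserName = 'CONTOSO\bob' }
    [pscustomobject]@{ ProcessName = 'LogonUI';  SessionId = 3; UserName = 'NT AUTHORITY\SYSTEM' }
)
Get-LockedSessionUser -Process $sample

# Live data (run elevated so UserName is populated):
# Get-LockedSessionUser -Process (Get-Process -IncludeUserName)
```

The presence of LogonUI is a heuristic for the lock state; confirm the result against the session state reported by `quser` before acting on it.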
0

I'm not completely sure if you are working in a domain or only on your local machine. But perhaps you should try this out.

https://blogs.technet.microsoft.com/heyscriptingguy/2011/08/31/use-powershell-to-find-locked-out-user-accounts/

This is a post by the Scripting Guy from Microsoft. So if you're lucky, this should already solve your problem.

C3R3S1A