PowerShell: Scanning Domain Computers for Logged on Users

I have been using PSLoggedOn for a while now to determine who is logged on to our Domain Computers.  However, with Windows 7, this has become a harder task to accomplish.  This is because Windows 7 disables the Remote Registry service by default as a security measure.  Rather than enable it I decided to check into what PowerShell could do.  And my script below is what I came up with.  But keep in mind that it appears this will only capture users that are logged on locally (or onto the console session).  Users logged in through Remote Desktop are not captured.

The script also captures some inventory information, just for fun. You can also modify this script to remove the Export-CSV aspect to have the information displayed to the PowerShell window if you choose.


# Only the modify these parameters in the file

$reportpath = "C:\Scripts\WhoIsLoggedOn_Results.csv"
$domainname = 'dc=domain,dc=com'

# Do not modify below this line

Import-Module ActiveDirectory

$computers=@(Get-ADComputer -SearchBase $domainname -Filter '*' | Select-Object -ExpandProperty Name)
$array = @()

foreach ($computername in $computers) {

Trap {
write-warning "Error Trapped for $computername"
write-warning $_.Exception.Message

if (Test-Connection $computername -erroraction silentlyContinue ) {
$array += get-wmiobject Win32_ComputerSystem -computername $computername |
select -property Name,Username,Manufacturer,Model,SystemType
else {
"***** " + $computername + " is down. *****"


$array | Export-CSV "$reportpath"

Download My Script (Right Click and choose Save Link As…)

This entry was posted in Active Directory, PowerShell and tagged , , . Bookmark the permalink.

One Response to PowerShell: Scanning Domain Computers for Logged on Users

  1. KC says:

    huge thanks from a pentester ;)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s