Powershell - Find the user who invoked the script

powershell powershell-2.0 powershell-remoting
33,933

Interesting question. I wrote a script with three different ways to get the user like so:

([Environment]::UserDomainName + "\" + [Environment]::UserName) | out-file test.txt
"$env:userdomain\$env:username" | out-file -append test.txt
[Security.Principal.WindowsIdentity]::GetCurrent().Name | out-file -append test.txt
notepad test.txt

Saved it as test.ps1 and called it using runas as:

runas /user:domain\user "powershell e:\test.ps1"

And I got the domain\user all three times in the output. Used runas to just distinguish between the user I am logged in as (me!!) and the domain\user with which I was running it as. So it does give the user that is running the script.

Share:
33,933
Sanjeev
Author by

Sanjeev

Updated on September 22, 2020

Comments

  • Sanjeev
    Sanjeev over 3 years

    I have a script(Let's call it myPSScript.ps1) which takes two parameters and performs predefined steps. Script is located in a Windows Server box which people login and execute the script. Supports two users to be logged in at the given time.

    I want to find out who invoked the script. 

    (Get-WmiObject -Class Win32_Process | Where-Object {$_.ProcessName -eq 'explorer.exe'}).GetOwner() | Format-Table Domain, User

    This works when the user is logged in currently and trying to run the script. But what if I have a batch file in scheduled tasks and run the same script?

    In that case the same command returns a null exception, as there is no one logged into the machine.

    Is there a way to find out who/which process invoked the powershell script. I vaguely remember Start-Transcript records which user the command is run from etc, so this should be possible?

    Thanks! Sanjeev

  • Sanjeev
    Sanjeev over 12 years
    Perfect. This also works when the script is triggered using Invoke-Command from a different machine and different users - which is exactly I was looking for. Now I can audit who does what and when :)
  • Sanjeev
    Sanjeev over 12 years
    One more problem. Let's say a person is logged into a windows server using a domain user. In that case the script gives us the domain user, but that is not helpful when it's used by more than one person. Terminal Service Manager shows the Client Name, which is the name of the client from which the person has connected from. Is there a way to get that info?
  • Sanjeev
    Sanjeev over 12 years
    Using PSTerminalServices module is one of the option to get that info.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Why would a get-process -computername return a couldn't connect to remote machine error?
Powershell Copy-Item - Exclude only if the file exists in destination
Getting error while trying to invoke a powershell command on a remote machine
get file version of .dll in powershell from remote computers
Powershell's Invoke-Command won't take in a variable for -ComputerName parameter?
Powershell logging from invoke-command
How to remote execute an ELEVATED remote script in PowerShell
Import-PSSession : Proxy creation has been skipped for '%' command, because PowerShell couldn't verify its name as safe
WinRM cannot process the request - fails only over a specific domain
How to execute a powershell script available in remote machine?